Mitchellkrogza/apache-ultimate-bad-bot-blocker- apache Block Bad Bots,(Referer)垃圾郵件推薦人阻止器,脆弱性掃描儀,惡意軟件,Adware,lansomware,lansomware,惡意站點,WordPress主題探測器和失敗2ban監獄,用於重複犯罪者
plackyhacker/Suspended-Thread-Injection - Another meterpreter injection technique using C# that attempts to bypass Defender
0x727/SchTask_0x727 - 创建隐藏计划任务,权限维持,Bypass AV
7hr0wer/ProxyValidator - 用C#开发的简单的多线程代理验证工具。
tevora-threat/SharpView - C# implementation of harmj0y's PowerView
pornin/paradox-compress - Paper and Demo Implementation of Paradoxical Compression with VDF
StarZHF/Foxmail-Password-Recovery -
zacateras/sddl-parser - Security Descriptor Definition Language (SDDL) Parser
pentest-tools-public/Pass-to-hash-EWS -
GhostPack/SharpDPAPI - SharpDPAPI is a C# port of some Mimikatz DPAPI functionality.
lassehauballe/Eternalblue - Eternalblue written in CSharp. Contains version detection, vulnerability scanner and exploit of MS17-010
ChoiSG/SharpJfmaesWorkshop - things I learned from @jfmaes's .NET reflection workshop - thank you for the great workshop
RiccardoAncarani/LiquidSnake - LiquidSnake is a tool that allows operators to perform fileless lateral movement using WMI Event Subscriptions and GadgetToJScript
waf/CSharpRepl - A command line C# REPL with syntax highlighting – explore the language, libraries and nuget packages interactively.
eladshamir/Whisker - Whisker is a C# tool for taking over Active Directory user and computer accounts by manipulating their msDS-KeyCredentialLink attribute, effectively adding "Shadow Credentials" to the target account.
evilashz/SharpADUserIP - 提取DC日志,快速获取域用户对应IP地址
iomoath/SharpSpray - Active Directory password spraying tool. Auto fetches user list and avoids potential lockouts.
EncodeGroup/UAC-SilentClean - New UAC bypass for Silent Cleanup for CobaltStrike
deadjakk/Reg1c1de - Registry permission scanner written in C# for finding potential privesc avenues within registry
mai1zhi2/SharpBeacon - CobaltStrike Beacon written in .Net 4 用.net重写了stager及Beacon,其中包括正常上线、文件管理、进程管理、令牌管理、结合SysCall进行注入、原生端口转发、关ETW等一系列功能
mobdk/Upsilon - Upsilon execute shellcode with syscalls - no API like NtProtectVirtualMemory is used
RedSiege/EDD - Enumerate Domain Data
chvancooten/OSEP-Code-Snippets - A repository with my notable code snippets for Offensive Security's PEN-300 (OSEP) course.
w1u0u1/smb2os - Use smb2 protocol to detect remote computer os version, support win7/server2008-win10/server2019
iomoath/SharpStrike - A Post exploitation tool written in C# uses either CIM or WMI to query remote systems.
gellin/bantam - A PHP backdoor management and generation tool/C2 featuring end to end encrypted payload streaming designed to bypass WAF, IDS, SIEM systems.
PwnDexter/SharpEDRChecker - Checks running processes, process metadata, Dlls loaded into your current process and the each DLLs metadata, common install directories, installed services and each service binaries metadata, install
nettitude/SharpSocks - Tunnellable HTTP/HTTPS socks4a proxy written in C# and deployable via PowerShell
med0x2e/SigFlip - SigFlip is a tool for patching authenticode signed PE files (exe, dll, sys ..etc) without invalidating or breaking the existing signature.
CCob/BeaconEye - Hunts out CobaltStrike beacons and logs operator command output
GhostPack/ForgeCert - "Golden" certificates
GhostPack/Certify - Active Directory certificate abuse.
Flangvik/DeployPrinterNightmare - C# tool for installing a shared network printer abusing the PrinterNightmare bug to allow other network machines easy privesc!
GhostPack/SharpWMI - SharpWMI is a C# implementation of various WMI functionality.
Flangvik/ADCSPwn - A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
bats3c/ADCSPwn - A tool to escalate privileges in an active directory network by coercing authenticate from machine accounts and relaying to the certificate service.
med0x2e/GadgetToJScript - A tool for generating .NET serialized gadgets that can trigger .NET assembly load/execution when deserialized using BinaryFormatter from JS/VBS/VBA based scripts.
zcgonvh/EfsPotato - Exploit for EfsPotato(MS-EFSR EfsRpcOpenFileRaw with SeImpersonatePrivilege local privalege escalation vulnerability).
OG-Sadpanda/SharpSword - Read the contents of MS Word Documents using Cobalt Strike's Execute-Assembly
klezVirus/CheeseTools - Self-developed tools for Lateral Movement/Code Execution
OG-Sadpanda/SharpExcelibur - Read Excel Spreadsheets (XLS/XLSX) using Cobalt Strike's Execute-Assembly
AnErrupTion/LoGiC.NET - A free and open-source .NET obfuscator using dnlib.
Mr-Un1k0d3r/ADHuntTool - official repo for the AdHuntTool (part of the old RedTeamCSharpScripts repo)
MythicAgents/Apollo - A .NET Framework 4.0 Windows Agent
Yaxser/SharpPhish - Using outlook COM objects to create convincing phishing emails without the user noticing. This project is meant for internal phishing.
Kara-4search/DInvoke_shellcodeload_CSharp - ShellCodeLoader via DInvoke
Flangvik/SharpProxyLogon - C# POC for CVE-2021-26855 aka ProxyLogon, supports the classically semi-interactive web shell as well as shellcode injection
dahall/Vanara - A set of .NET libraries for Windows implementing PInvoke calls to many native Windows APIs with supporting wrappers.
lithnet/ad-password-protection - Active Directory password filter featuring breached password checking and custom complexity rules
dionach/NtdsAudit - An Active Directory audit utility
AaronRobinsonMSFT/COMInterop - Example on how to consume a COM server from a .NET client and a .NET server from a COM client. Examples are for both using the Registry and for RegFree.
AdamWhiteHat/Judge-Jury-and-Executable - A file system forensics analysis scanner and threat hunting tool. Scans file systems at the MFT and OS level and stores data in SQL, SQLite or CSV. Threats and data can be probed harnessing the power
S3cur3Th1sSh1t/SyscallAmsiScanBufferBypass - AmsiScanBufferBypass using D/Invoke
mitchmoser/SharpShares - Multithreaded C# .NET Assembly to enumerate accessible network shares in a domain
Dliv3/DomainBorrowing - Domain Borrowing PoC
Cerbersec/DomainBorrowingC2 -
marius-rothenbuecher/PentestBro - Experimental tool for Windows. PentestBro combines subdomain scans, whois, port scanning, banner grabbing and web enumeration into one tool. Uses subdomain list of SecLists. Uses nmap service probes f
jfmaes/SharpNukeEventLog - nuke that event log using some epic dinvoke fu
RowTeam/SharpNTLMSSPExtract - 利用 NTLMSSP 探测 Windows 信息
dahall/TaskScheduler - Provides a .NET wrapper for the Windows Task Scheduler. It aggregates the multiple versions, provides an editor and allows for localization.
FSecureLABS/SharpGPOAbuse - SharpGPOAbuse is a .NET application written in C# that can be used to take advantage of a user's edit rights on a Group Policy Object (GPO) in order to compromise the objects that are controlled by th
S3cur3Th1sSh1t/Sharp-HackBrowserData - C# binary with embeded golang hack-browser-data
w1u0u1/exec - Use current thread token to execute command
WithSecureLabs/physmem2profit - Physmem2profit can be used to create a minidump of a target hosts' LSASS process by analysing physical memory remotely
odedshimon/BruteShark - Network Analysis Tool
calebstewart/bypass-clm - PowerShell Constrained Language Mode Bypass
hausec/MaliciousClickOnceMSBuild - Basic C# Project that will take an MSBuild payload and run it with MSBuild via ClickOnce.
Aetsu/OffensivePipeline - OfensivePipeline allows you to download and build C# tools, applying certain modifications in order to improve their evasion for Red Team exercises.
mdsecactivebreach/Farmer -
KINGSABRI/DotNetToJScriptMini - A simplified version of DotNetToJScript to create a JScript file which loads a .NET v2 assembly from memory.
Kevin-Robertson/Sharpmad - C# version of Powermad
swisskyrepo/SharpLAPS - Retrieve LAPS password from LDAP
Flangvik/AzureC2Relay - AzureC2Relay is an Azure Function that validates and relays Cobalt Strike beacon traffic by verifying the incoming requests based on a Cobalt Strike Malleable C2 profile.
Viralmaniar/BigBountyRecon - BigBountyRecon tool utilises 58 different techniques using various Google dorks and open source tools to expedite the process of initial reconnaissance on the target organisation.
b4rtik/SharpKatz - Porting of mimikatz sekurlsa::logonpasswords, sekurlsa::ekeys and lsadump::dcsync commands
jnqpblc/SharpTask - SharpTask is a simple code set to interact with the Task Scheduler service api and is compatible with Cobalt Strike.
ReverendThing/Carnivore - Microsoft External Attack Tool
FatRodzianko/Get-RBCD-Threaded - Tool to discover Resource-Based Constrained Delegation attack paths in Active Directory environments
FatRodzianko/SharpBypassUAC - C# tool for UAC bypasses
GoSecure/WSuspicious - WSuspicious - A tool to abuse insecure WSUS connections for privilege escalations
bitsadmin/nopowershell - PowerShell rebuilt in C# for Red Teaming purposes
securesean/DecryptAutoLogon - Command line tool to extract/decrypt the password that was stored in the LSA by SysInternals AutoLogon
cube0x0/SharpMapExec -
jas502n/SSCMS_Decrypt - sscms database decrypt
outflanknl/EvilClippy - A cross-platform assistant for creating malicious MS Office documents. Can hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools. Runs on Linux, OSX and Windows.
RcoIl/CSharp-Tools - .NET C# Tools
Ch1ngg/SharpGetTitle - SharpGetTitle - 基于 C# 的多线程 Web Title 扫描器
antonioCoco/RunasCs - RunasCs - Csharp and open version of windows builtin runas.exe
rocksdanister/lively - Free and open-source software that allows users to set animated desktop wallpapers and screensavers powered by WinUI 3.
huiyadanli/RevokeMsgPatcher - A hex editor for WeChat/QQ/TIM - PC版微信/QQ/TIM防撤回补丁(我已经看到了,撤回也没用了)
cobbr/SharpSploit - SharpSploit is a .NET post-exploitation library written in C#
med0x2e/NoAmci - Using DInvoke to patch AMSI.dll in order to bypass AMSI detections triggered when loading .NET tradecraft via Assembly.Load().
smartlockpicking/BLE_HackMe - Bluetooth Low Energy hardware-less HackMe
awaescher/Fusion - ? A modern alternative to the Microsoft Assembly Binding Log Viewer (FUSLOGVW.exe)
rasta-mouse/ThreatCheck - Identifies the bytes that Microsoft Defender / AMSI Consumer flags on.
xforcered/StandIn - StandIn is a small .NET35/45 AD post-exploitation toolkit
EncodeGroup/AggressiveProxy - Project to enumerate proxy configurations and generate shellcode from CobaltStrike
xiaoxiaoleo/Scan-and-Clean-Macro-Virus - Scan and clean specific Macro Virus, #C Sharp
Mr-Un1k0d3r/RedTeamCSharpScripts - C# Script used for Red Team
TGSAN/CMWTAT_Digital_Edition - CloudMoe Windows 10/11 Activation Toolkit get digital license, the best open source Win 10/11 activator in GitHub. GitHub 上最棒的开源 Win10/Win11 数字权利(数字许可证)激活工具!
wesleydekraker/xamarin-security-scanner - A tool to find security vulnerabilities in Xamarin.Android apps.
dev-2null/KerberosRun - A little tool to play with Kerberos.
ustayready/SharpHose - Asynchronous Password Spraying Tool in C# for Windows Environments
tyranid/DotNetToJScript - A tool to create a JScript file which loads a .NET v2 assembly from memory.
EncodeGroup/AggressiveGadgetToJScript - A Cobalt Strike Aggressor script to generate GadgetToJScript payloads
EncodeGroup/Gopher - C# tool to discover low hanging fruits
b4rtik/SharpAdidnsdump - c# implementation of Active Directory Integrated DNS dumping (authenticated user)
Apr4h/CobaltStrikeScan - Scan files or process memory for CobaltStrike beacons and parse their configuration
r3nhat/SharpWifiGrabber - Sharp Wifi Password Grabber retrieves in clear-text the Wi-Fi Passwords from all WLAN Profiles saved on a workstation.
CCob/Rubeus - Trying to tame the three-headed dog.
rasta-mouse/Fork-n-Run -
microsoft/onefuzz - A self-hosted Fuzzing-As-A-Service platform
checkymander/Zolom - C# Executable with embedded Python that can be used reflectively to run python code on systems without Python installed
r3nhat/GRAT2 - We developed GRAT2 Command & Control (C2) project for learning purpose.
Kudaes/LOLBITS - ** DISCONTINUED ** C2 framework that uses Background Intelligent Transfer Service (BITS) as communication protocol and Direct Syscalls + Dinvoke for EDR user-mode hooking evasion.
vivami/SauronEye - Search tool to find specific files containing specific words, ie files containing passwords..
mez-0/MoveScheduler - .NET 4.0 Scheduled Job Lateral Movement
passthehashbrowns/SharpBuster - SharpBuster is a C# implementation of a directory brute forcing tool. It's designed to be used via Cobalt Strike's execute-assembly and similar tools, when running a similar tool over a SOCKS proxy is
G0ldenGunSec/SharpSecDump - .Net port of the remote SAM + LSA Secrets dumping functionality of impacket's secretsdump.py
chromelyapps/Chromely - Build Cross Platform HTML Desktop Apps on .NET using native GUI, HTML5, JavaScript, CSS, Owin, AspNetCore (MVC, RazorPages, Blazor)
slyd0g/LNKMod - C# project to create or modify existing LNKs
lontivero/Open.NAT - Lightweight and easy-to-use class library to allow port forwarding in NAT devices with UPNP and/or PMP
mez-0/CSharpWinRM - .NET 4.0 WinRM API Command Execution
RiccardoAncarani/DirSync-Poc - A PoC that uses the DirSync protocol to poll Active Directory for changes
BloodHoundAD/SharpHound3 - C# Data Collector for the BloodHound Project, Version 3
BloodHoundAD/SharpHound2 - The Old BloodHound C# Ingestor (Deprecated)
WayneJLee/CsharpAmsiBypass - C# loader for msfvenom shellcode with AMSI bypass
aduskin/AduSkin - A Beautiful WPF Control UI
TalAloni/SMBLibrary - Free, Open Source, User-Mode SMB 1.0/CIFS, SMB 2.0, SMB 2.1 and SMB 3.0 server and client library
rnwood/smtp4dev - smtp4dev - the fake smtp email server for development and testing
3xpl01tc0d3r/ProcessInjection - This program is designed to demonstrate various process injection techniques
Flangvik/SharpAppLocker - C# port of the Get-AppLockerPolicy PS cmdlet
netwrix/pingcastle - PingCastle - Get Active Directory Security at 80% in 20% of the time
RythmStick/ProxyPunch - Finding SSL Blindspots for Red Teams
Mr-B0b/SpaceRunner - This tool enables the compilation of a C# program that will execute arbitrary PowerShell code, without launching PowerShell processes through the use of runspace.
jfmaes/GG-AESY - Hide cool stuff in images :)
MrFooL137/WebSocketRemoteControl - Remote Control With WebSocket
checkymander/Carbuncle - Tool for interacting with outlook interop during red team engagements
fullmetalcache/PowerLine -
djhohnstein/SharpSearch - Search files for extensions as well as text within.
crawl3r/FunWithAMSI - A repo to hold any bypasses I work on/study/whatever
Flangvik/SharpDllProxy - Retrieves exported functions from a legitimate DLL and generates a proxy DLL source code/template for DLL proxy loading or sideloading
jfmaes/TrustJack - Yet another PoC for https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
Fody/Costura - Embed references as resources
EquiFox/KsDumper - Dumping processes using the power of kernel space !
tomcarver16/ADSearch - A tool to help query AD via the LDAP protocol
bohops/SharpRDPHijack - A POC Remote Desktop (RDP) session hijack utility for disconnected sessions
mvelazc0/PurpleSharp - PurpleSharp is a C# adversary simulation tool that executes adversary techniques with the purpose of generating attack telemetry in monitored Windows environments
git-ecosystem/git-credential-manager - Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.
SnaffCon/Snaffler - a tool for pentesters to help find delicious candy, by @l0ss and @Sh3r4 ( Twitter: @/mikeloss and @/sh3r4_hax )
360-Linton-Lab/Telemetry - WINDOWS TELEMETRY权限维持
GhostPack/Seatbelt - Seatbelt is a C# project that performs a number of security oriented host-survey "safety checks" relevant from both offensive and defensive security perspectives.
mdsecactivebreach/sitrep -
jfmaes/Clippi-B -
thiagomayllart/Covenant_Alternate - Covenant is a collaborative .NET C2 framework for red teamers.
SpiderLabs/SharpCompile - SharpCompile is an aggressor script for Cobalt Strike which allows you to compile and execute C# in realtime. This is a more slick approach than manually compiling an .NET assembly and loading it into
dotnet/ILMerge - ILMerge is a static linker for .NET Assemblies.
RedLectroid/SearchOutlook - AC# tool to search through a running instance of Outlook for keywords
Flangvik/BetterSafetyKatz - Fork of SafetyKatz that dynamically fetches the latest pre-compiled release of Mimikatz directly from gentilkiwi GitHub repo, runtime patches signatures and uses SharpSploit DInvoke to PE-Load into me
WingsOfDoom/ICU - quick 'n dirty poc based on PoC windows auth prompt in c# based on https://gist.githubusercontent.com/mayuki/339952/raw/2c36b735bc51861a37194971a5e944f22c94df7c/CredentialUI.cs
dev-2null/ADCollector - A lightweight tool to quickly extract valuable information from the Active Directory environment for both attacking and defending.
FuzzySecurity/Sharp-Suite - Also known by Microsoft as Knifecoat ?️
malwareinfosec/EKFiddle - Your Swiss Army knife to analyze malicious web traffic based on the popular Fiddler web debugger.
1y0n/AV_Evasion_Tool - 掩日 - 免杀执行器生成工具
reconness/reconness - ReconNess is a platform to allow continuous recon (CR) where you can set up a pipeline of #recon tools (Agents) and trigger it base on schedule or events.
3gstudent/SharpRDPCheck - Use to check the valid account of the Remote Desktop Protocol(Support plaintext and ntlmhash)
Soledge/BlockEtw - .Net Assembly to block ETW telemetry in current process
Viralmaniar/HiveJack - This tool can be used during internal penetration testing to dump Windows credentials from an already-compromised host. It allows one to dump SYSTEM, SECURITY and SAM hives and once copied to the atta
CCob/SweetPotato - Local Service to SYSTEM privilege escalation from Windows 7 to Windows 10 / Server 2019
djhohnstein/SharpShares - Enumerate all network shares in the current domain. Also, can resolve names to IP addresses.
BeichenDream/BadPotato - Windows 权限提升 BadPotato
infosecn1nja/SharpDoor - SharpDoor is alternative RDPWrap written in C# to allowed multiple RDP (Remote Desktop) sessions by patching termsrv.dll file.
pwntester/ysoserial.net - Deserialization payload generator for a variety of .NET formatters
uknowsec/SweetPotato - Modifying SweetPotato to support load shellcode and webshell
uknowsec/SharpNetCheck -
cobbr/Covenant - Covenant is a collaborative .NET C2 framework for red teamers.
cobbr/Elite - Elite is the client-side component of the Covenant project. Covenant is a .NET command and control framework that aims to highlight the attack surface of .NET, make the use of offensive .NET tradecraf
cyberark/zBang - zBang is a risk assessment tool that detects potential privileged account threats
MichaelGrafnetter/DSInternals - Directory Services Internals (DSInternals) PowerShell Module and Framework
rveldhoven/chocoProxy -
mandiant/SilkETW -
gerardog/gsudo - Sudo for Windows
rasta-mouse/Watson - Enumerate missing KBs and suggest exploits for useful Privilege Escalation vulnerabilities
gabrielxvx/zh-fiddler - Fiddler Web Debugger 中文版
harleyQu1nn/AggressorScripts - Collection of Aggressor scripts for Cobalt Strike 3.0+ pulled from multiple sources
guillaC/wsManager - Webshell Manager
restran/shellcat - ⚡️ ShellCat is a Reverse Shell Manager
xupefei/Locale-Emulator - Yet Another System Region and Language Simulator
YalcinYolalan/WSSAT - WEB SERVICE SECURITY ASSESSMENT TOOL
ShareX/ShareX - ShareX is a free and open source program that lets you capture or record any area of your screen and share it with a single press of a key. It also allows uploading images, text or other types of file
bitbeans/SimpleDnsCrypt - A simple management tool for dnscrypt-proxy
TheM4hd1/PenCrawLer - An Advanced Web Crawler and DirBuster
yingDev/WGestures - Modern mouse gestures for Windows. (C#)
digimezzo/knowte-windows - Note taking
MediaPortal/MediaPortal-2 - Development of MediaPortal 2
RadioWar/NFCGUI - NFCGUI 一个万恶的无聊的Windows图形界面! GUI for libnfc
microsoft/DbgShell - A PowerShell front-end for the Windows debugger engine.
VahidN/GitHubFolderDownloader - It lets you to download a single folder of a repository without cloning or downloading the whole repository.
hexadezi/adbGUI - Wrapper for Android Debug Bridge (ADB) written in C#
mili-tan/mV2RayConfig -
nccgroup/UPnP-Pentest-Toolkit - UPnP Pentest Toolkit for Windows
KeeTrayTOTP/KeeTrayTOTP - Tray TOTP Plugin for KeePass2.
JanisEst/KeePassQRCodeView - KeePass 2.x plugin which shows QR Codes for entry fields.
securifybv/ShellLink - A .NET Class Library for processing ShellLink (LNK) files
canton7/SyncTrayzor - Windows tray utility / filesystem watcher / launcher for Syncthing
TkYu/ChromeUpdater - :)
oneo-me/Arthas-WPFUI - WPF 控件库,支持 .Net 7.0 Windows Desktop
chenjia404/ChromeAutoUpdate - 一个自动更新chrome的小工具
thoemmi/7Zip4Powershell - Powershell module for creating and extracting 7-Zip archives
p3nt4/PowerShdll - Run PowerShell with rundll32. Bypass software restrictions.
tomrus88/CASCExplorer - CASCExplorer
marx-yu/WopiHost - Office Online Server Wopi Host implement, No need Cobalt. Support DOCX, XLSX, PPTX online editing.
zcgonvh/cve-2017-7269-tool - CVE-2017-7269 to webshell or shellcode loader
t3ntman/Social-Engineering-Payloads - Collection of social engineering payloads
Choudai/R10 - Lightweight Ransomware @Choudai
thangchung/awesome-dotnet-core - ? A collection of awesome .NET core libraries, tools, frameworks and software
nsacyber/Windows-Event-Log-Messages - Retrieves the definitions of Windows Event Log messages embedded in Windows binaries and provides them in discoverable formats. #nsacyber
DEVSENSE/Phalanger - PHP 5.4 compiler for .NET/Mono frameworks. Predecessor to the opensource PeachPie project (www.peachpie.io).
isukces/cs2php - C# to PHP compiler
zcgonvh/SSMSPwd - SQL Server Management Studio(SSMS) saved password dumper
dxflatline/flatpipes - A TCP proxy over named pipes. Originally created for maintaining a meterpreter session over 445 for less network alarms.
Kyrodan/KeeAnywhere - A cloud storage provider plugin for KeePass Password Safe
googleprojectzero/sandbox-attacksurface-analysis-tools - Set of tools to analyze Windows sandboxes for exposed attack surface.
Dec0ne/DllNotificationInjection - A POC of a new “threadless” process injection technique that works by utilizing the concept of DLL Notification Callbacks in local and remote processes.
ZeroMemoryEx/Chaos-Rootkit - Now You See Me, Now You Don't
VirtualAlllocEx/Create-Thread-Shellcode-Fetcher - This POC gives you the possibility to compile a .exe to completely avoid statically detection by AV/EPP/EDR of your C2-shellcode and download and execute your C2-shellcode which is hosted on your (C2)
FULLSHADE/Auto-Elevate - Escalate from a low-integrity Administrator account to NT AUTHORITYSYSTEM without an LPE exploit by combining a COM UAC bypass and Token Impersonation
midisec/BypassAnti-Virus - 免杀姿势学习、记录、复现。
44670/p7zip-wasm -
LuxNoBulIshit/Smug_Fu3k -
thiagoralves/OpenPLC_v3 - OpenPLC Runtime version 3
zeek/zeek - Zeek is a powerful network analysis framework that is much different from the typical IDS you may know.
APTortellini/DefenderSwitch - Stop Windows Defender using the Win32 API
hlldz/RefleXXion - RefleXXion is a utility designed to aid in bypassing user-mode hooks utilised by AV/EPP/EDR etc. In order to bypass the user-mode hooks, it first collects the syscall numbers of the NtOpenFile, NtCrea
NtRaiseHardError/Antimalware-Research - Research on Anti-malware and other related security solutions
S3cur3Th1sSh1t/MultiPotato -
hugsy/CFB - Canadian Furious Beaver is a ProcMon-style tool designed only for capturing IRPs sent to any Windows driver.
echo-devim/fhex - A Full-Featured HexEditor compatible with Linux/Windows/MacOS
r-richter/hyenae-ng - Hyenae NG is an advanced cross-platform network packet generator and the successor of Hyenae. It features full network layer spoofing, pattern based address randomization and flood detection breaking
kindtime/nosferatu - Windows NTLM Authentication Backdoor
lab52io/StopDefender - Stop Windows Defender programmatically
lab52io/StealAllTokens - This PoC uses two diferent technics for stealing the primary token from all running processes, showing that is possible to impersonate and use whatever token present at any process
CCob/lsarelayx - NTLM relaying for Windows made easy
BlueMatthew/WechatExporter - Wechat Chat History Exporter 微信聊天记录导出备份程序
qtfreet00/AntiFrida - 通过内存特征检测frida
mgeeky/ThreadStackSpoofer - Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.
ideaslocas/aDLL -
TonyChen56/160-Crackme - 对160个Crackme的详细分析记录
ly4k/CallbackHell - Exploit for CVE-2021-40449 - Win32k Elevation of Privilege Vulnerability (LPE)
networkit/networkit - NetworKit is a growing open-source toolkit for large-scale network analysis.
magnusstubman/MagnusKatz - Research project for understanding how Mimikatz work and become better at C
EspressoCake/Firewall_Walker_BOF - A BOF to interact with COM objects associated with the Windows software firewall.
mgeeky/ShellcodeFluctuation - An advanced in-memory evasion technique fluctuating shellcode's memory protection between RW/NoAccess & RX and then encrypting/decrypting its contents
aristocratos/btop - A monitor of resources
waleedassar/SyscallNumberFinder -
hotnops/RemoteDebugView - A DLL that serves OutputDebugString content over a TCP connection
APTortellini/unDefender - Killing your preferred antimalware by abusing native symbolic links and NT paths.
mez-0/winrmdll - C++ WinRM API via Reflective DLL
airbus-cert/Yagi - Yet Another Ghidra Integration for IDA
NoOne-hub/bypass-BeaconEye - bypass BeaconEye
0x727/CloneX_0x727 - 进行克隆用户、添加用户等账户防护安全检测的轻巧工具
evilashz/RemoteMemorymodule - Load the evilDLL from socket connection without touch disk
manyfacedllama/amsi-tracer - Leverage AMSI (Antimalware Scan Interface) technology to aid your analysis. This tool saves all buffers (scripts, .NET assemblies, etc) passed into AMSI during dynamic execution.
kavika13/RemCom - Remote Command Executor: A OSS replacement for PsExec and RunAs - or Telnet without having to install a server. Take your pick :)
x64dbg/ScyllaHide - Advanced usermode anti-anti-debugger. Forked from https://bitbucket.org/NtQuery/scyllahide
ivan-sincek/keylogger - Windows OS keylogger with a hook mechanism (ie with a keyboard hook procedure).
EvanMcBroom/microsocks11 - A cross-platform SOCKS5 library and server based on the microsocks project.
rr-debugger/rr - Record and Replay Framework
zer0fl4g/DebugDetector -
ZLMediaKit/ZLMediaKit - WebRTC/RTSP/RTMP/HTTP/HLS/HTTP-FLV/WebSocket-FLV/HTTP-TS/HTTP-fMP4/WebSocket-TS/WebSocket-fMP4/GB28181/SRT server and client framework based on C++11
wh201906/Proxmark3GUI - A cross-platform GUI for Proxmark3 client | 为PM3设计的跨平台图形界面
kkent030315/PageTableInjection - Code Injection, Inject malicious payload via pagetables pml4.
S1ckB0y1337/TokenPlayer - Manipulating and Abusing Windows Access Tokens.
sogou/workflow - C++ Parallel Computing and Asynchronous Networking Framework
uknowsec/JuicyPotato - Modifying JuicyPotato to support load shellcode and webshell
CodingGay/BlackDex - BlackDex is an Android unpack(dexdump) tool, it supports Android 5.0~12 and need not rely to any environment. BlackDex can run on any Android mobile phone or emulator, you can unpack APK File in sever
KongKong20/WeChatPCHook - 微信 电脑 机器人 入门教程 基于HOOK
uknowsec/CreateService - 创建服务持久化
Barbarisch/forkatz - credential dump using foreshaw technique using SeTrustedCredmanAccessPrivilege
netbiosX/AMSI-Provider - A fake AMSI Provider which can be used for persistence.
AzAgarampur/byeintegrity5-uac - Bypass UAC at any level by abusing the Task Scheduler and environment variables
Paulo-D2000/ShellCodeObfuscator - Simple shellcode obfuscator using PYTHON and C / C++
vusec/collabfuzz - CollabFuzz: A Framework for Collaborative Fuzzing
FeJQ/AUPK -
jozemberi/PE-Crypter - Simple runtime crypter in C/C++.
klecko/kvm-fuzz - PoC of fuzzing closed-source userspace binaries with KVM
jxy-s/herpaderping - Process Herpaderping proof of concept, tool, and technical deep dive. Process Herpaderping bypasses security products by obscuring the intentions of a process.
L3cr0f/DccwBypassUAC - Windows 8.1 and 10 UAC bypass abusing WinSxS in "dccw.exe".
RedCursorSecurityConsulting/PPLKiller - Tool to bypass LSA Protection (aka Protected Process Light)
h4ms1k/samdump -
BlackINT3/OpenArk - The Next Generation of Anti-Rookit(ARK) tool for Windows.
0xZ0F/Z0FCourse_ReverseEngineering - Reverse engineering focusing on x64 Windows.
UndefinedIdentifier/LCX - 自修改免杀lcx端口转发工具
notify-bibi/ScyllaHide-IDA7.5 - ScyllaHide for IDA7.5; ScyllaHide IDA7.5; It is a really niccccccce anti-anti-debug tool
aahmad097/AlternativeShellcodeExec - Alternative Shellcode Execution Via Callbacks
kdrag0n/safetynet-fix - Google SafetyNet attestation workarounds for Magisk
purerosefallen/ygopro - KoishiPro
deepinstinct/LsassSilentProcessExit - Command line interface to dump LSASS memory to disk via SilentProcessExit
ChaitanyaHaritash/Callback_Shellcode_Injection - POCs for Shellcode Injection via Callbacks
huoji120/DuckMemoryScan - 检测绝大部分所谓的内存免杀马
ajayrandhawa/Keylogger - Keylogger is 100% invisible keylogger not only for users, but also undetectable by antivirus software. keylogger Monitors all keystokes, Mouse clicks. It has a seperate process which continues capture
TimelifeCzy/kHypervisorBasic - VT Hook
WormChickenWizard/hikvision-decrypter - A simple cross platform program written in C++ used for decrypting the configuration files created by Hikvision Security Cameras. Successor to my hikvision-xor-decrypter
codingo/dooked - DNS and Target HTTP History Local Storage and Search
itm4n/Perfusion - Exploit for the RpcEptMapper registry key permissions vulnerability (Windows 7 / 2088R2 / 8 / 2012)
stealth/psc - E2E encryption for multi-hop tty sessions or portshells + TCP/UDP port forward
fastogt/fastonosql - FastoNoSQL is a crossplatform Redis, Memcached, SSDB, LevelDB, RocksDB, UnQLite, LMDB, ForestDB, Pika, Dynomite, KeyDB GUI management tool.
WerWolv/ImHex - ? A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
OmerYa/Invisi-Shell - Hide your Powershell script in plain sight. Bypass all Powershell security features
ioncodes/CVE-2020-16938 - Bypassing NTFS permissions to read any files as unprivileged user.
DockDroid/openvmi - 鹏城实验室与北弓联合开发的VMI开源版本
0xnobody/vmpdump - A dynamic VMP dumper and import fixer, powered by VTIL.
bats3c/ChromeTools - A collection of tools to abuse chrome browser
0x09AL/RdpThief - Extracting Clear Text Passwords from mstsc.exe using API Hooking.
lcatro/vuln_javascript - 模拟一个存在漏洞的JavaScript 运行环境,用来学习浏览器漏洞原理和练习如何编写Shellcode (a JavaScript Execute Envirment which study browser vuln and how to write Shellcode ) ..
googleprojectzero/Jackalope - Binary, coverage-guided fuzzer for Windows, macOS, Linux and Android
yazhiwang/ollvm-tll - Ollvm+Armariris+LLVM 6.0.0
my-mo/android_nfc_fuzzer -
Alamot/code-snippets - Various code snippets
miek/inspectrum - Radio signal analyser
NytroRST/ShellcodeCompiler - Shellcode Compiler
knownsec/shellcodeloader - shellcodeloader
WithSecureLabs/C3 - Custom Command and Control (C3). A framework for rapid prototyping of custom C2 channels, while still providing integration with existing offensive toolkits.
cbwang505/CVE-2020-1066-EXP - CVE-2020-1066-EXP支持Windows 7和Windows Server 2008 R2操作系统
google/CTAP2-test-tool - Test tool for CTAP2 authenticators
yardenshafir/CVE-2020-1034 - PoC demonstrating the use of cve-2020-1034 for privilege escalation
PetoiCamp/OpenCat-Old - A programmable and highly maneuverable robotic cat for STEM education and AI-enhanced services.
horsicq/XAPKDetector - APK/DEX detector for Windows, Linux and MacOS.
crossroadsfpga/pigasus - 100Gbps Intrusion Detection and Prevention System
CheckPointSW/showstopper - ShowStopper is a tool for helping malware researchers explore and test anti-debug techniques or verify debugger plugins or other solutions that clash with standard anti-debug methods.
ION28/BLUESPAWN - An Active Defense and EDR software to empower Blue Teams
anhkgg/SuperDllHijack - SuperDllHijack:A general DLL hijack technology, don't need to manually export the same function interface of the DLL, so easy! 一种通用Dll劫持技术,不再需要手工导出Dll的函数接口了
gitjdm/dumper2020 - Yet another LSASS dumper
itm4n/FullPowers - Recover the default privilege set of a LOCAL/NETWORK SERVICE account
tobimensch/aqemu - Official AQEMU repository - a GUI for virtual machines using QEMU as the backend
upx/upx - UPX - the Ultimate Packer for eXecutables
vaibhavpandeyvpz/apkstudio - Open-source, cross platform Qt based IDE for reverse-engineering Android application packages.
am0nsec/wspe - Windows System Programming Experiments
zodiacon/ProcMonXv2 - Process Monitor X v2
Neo23x0/Raccine - A Simple Ransomware Vaccine
siemens/fluffi - FLUFFI (Fully Localized Utility For Fuzzing Instantaneously) - A distributed evolutionary binary fuzzer for pentesters
binarly-io/efiXplorer - IDA plugin for UEFI firmware analysis and reverse engineering automation
mubix/netview - Netview enumerates systems using WinAPI calls
klzgrad/naiveproxy - Make a fortune quietly
facebook/hermes - A JavaScript engine optimized for running React Native.
cyberark/DLLSpy - DLL Hijacking Detection Tool
mmozeiko/aes-finder - Utility to find AES keys in running processes
Almamu/linux-wallpaperengine - Wallpaper Engine backgrounds for Linux!
HexHive/FuZZan - FuZZan: Efficient Sanitizer Metadata Design for Fuzzing
illera88/Ponce - IDA 2016 plugin contest winner! Symbolic Execution just one-click away!
TheWover/Manager - Library of tools and examples for loading/bootstrapping managed code from unmanaged code in .NET
crvvdev/MasterHide - A x64 Windows Rootkit using SSDT or Hypervisor hook
iPower/KasperskyHook - Hook system calls on Windows by using Kaspersky's hypervisor
Soulghost/iblessing - iblessing is an iOS security exploiting toolkit, it mainly includes application information gathering, static analysis and dynamic analysis. It can be used for reverse engineering, binary analysis and
hhlxf/USO_Info_Leak - two heap address leak bugs in usosvc service
can1357/NoVmp - A static devirtualizer for VMProtect x64 3.x. powered by VTIL.
baidu/openrasp - Open source RASP solution
br-sn/CheekyBlinder - Enumerating and removing kernel callbacks using signed vulnerable drivers
D4stiny/spectre - A Windows kernel-mode rootkit that abuses legitimate communication channels to control a machine.
snorez/srcinv - source code audit tool
irsl/CVE-2020-1313 - Proof of concept exploit of Windows Update Orchestrator Service Elevation of Privilege Vulnerability
k0keoyo/my_vulnerabilities -
hlldz/dazzleUP - A tool that detects the privilege escalation vulnerabilities caused by misconfigurations and missing updates in the Windows operating systems.
DimopoulosElias/Primitives -
frida/cryptoshark - Self-optimizing cross-platform code tracer based on dynamic recompilation
itm4n/UsoDllLoader - Windows - Weaponizing privileged file writes with the Update Session Orchestrator service
KDE/latte-dock - Replacement dock for Plasma desktops, providing an elegant and intuitive experience for your tasks and plasmoids
ohpe/juicy-potato - A sugared version of RottenPotatoNG, with a bit of juice, ie another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITYSYSTEM.
hasherezade/tag_converter -
hasherezade/tiny_tracer - A Pin Tool for tracing API calls etc
ksnip/ksnip - ksnip the cross-platform screenshot and annotation tool
gqrx-sdr/gqrx - Software defined radio receiver powered by GNU Radio and Qt.
gnuradio/gnuradio - GNU Radio – the Free and Open Software Radio Ecosystem
zcgonvh/MS16-032 - MS16-032(CVE-2016-0099) for SERVICE ONLY
kanryu/quickviewer - A image/comic viewer application for Windows, Mac and Linux, it can show images very fast
oyyd/nysocks - Nysocks binds kcp and libuv to provide an aggressive tcp tunnel in nodejs.
vnotex/vnote - A pleasant note-taking platform in native C++.
guoming0000/BatchRunTrayTool - A tray tool under windows to open any file by system default or any executable program.
rexdf/CommandTrayHost - A command line program monitor systray for Windows
Gregwar/fatcat - FAT filesystems explore, extract, repair, and forensic tool
0x09AL/DNS-Persist - DNS-Persist is a post-exploitation agent which uses DNS for command and control.
wangyu-/tinyfecVPN - A VPN Designed for Lossy Links, with Build-in Forward Error Correction(FEC) Support. Improves your Network Quality on a High-latency Lossy Link.
wangyu-/UDPspeeder - A Tunnel which Improves your Network Quality on a High-latency Lossy Link by using Forward Error Correction, possible for All Traffics(TCP/UDP/ICMP)
cbayet/Exploit-CVE-2017-6008 - Exploits for CVE-2017-6008, a kernel pool buffer overflow leading to privilege escalation.
apache/incubator-pagespeed-ngx - Automatic PageSpeed optimization module for Nginx
NotGlop/SysExec - [Windows] Local Privilege Escalation - WebClient
hatRiot/token-priv - Token Privilege Research
XhmikosR/notepad2-mod - LOOKING FOR DEVELOPERS - Notepad2-mod, a Notepad2 fork, a fast and light-weight Notepad-like text editor with syntax highlighting
wangyu-/udp2raw - A Tunnel which Turns UDP Traffic into Encrypted UDP/FakeTCP/ICMP Traffic by using Raw Socket,helps you Bypass UDP FireWalls(or Unstable UDP Environment)
securesocketfunneling/ssf - Secure Socket Funneling - Network tool and toolkit - TCP and UDP port forwarding, SOCKS proxy, remote shell, standalone and cross platform
pipesocks/pipesocks - A pipe-like SOCKS5 tunnel system.
vah13/extractTVpasswords - tool to extract passwords from TeamViewer memory using Frida
wbenny/mini-tor - proof-of-concept implementation of tor protocol using Microsoft CNG/CryptoAPI
jks-prv/Beagle_SDR_GPS - KiwiSDR: BeagleBone web-accessible shortwave receiver and software-defined GPS
PurpleI2P/i2pd - ? I2P: End-to-End encrypted and anonymous Internet
samizzo/hexed - Windows console-based hex editor
pavel-odintsov/fastnetmon - FastNetMon - very fast DDoS sensor with sFlow/Netflow/IPFIX/SPAN support
gatieme/CodingInterviews - 剑指Offer——名企面试官精讲典型编程题
oguzhaninan/Stacer - Linux System Optimizer and Monitoring - https://oguzhaninan.github.io/Stacer-Web
sam-b/HackSysDriverExploits -
psi-im/psi - XMPP client
rime/librime - Rime Input Method Engine, the core library
bee13oy/AV_Kernel_Vulns - Pocs for Antivirus Software's Kernel Vulnerabilities
nladuo/captcha-break - captcha break based on opencv2, tesseract-ocr and some machine learning algorithm.
3gstudent/From-System-authority-to-Medium-authority - Penetration test
owasp-modsecurity/ModSecurity - ModSecurity is an open source, cross platform web application firewall (WAF) engine for Apache, IIS and Nginx. It has a robust event-based programming language which provides protection from a range o
secrary/InjectProc - InjectProc - Process Injection Techniques [This project is not maintained anymore]
JLospinoso/gargoyle - A memory scanning evasion technique
ladislav-zezula/CascLib - An open-source implementation of library for reading CASC storages from Blizzard games since 2014
homenc/HElib - HElib is an open-source software library that implements homomorphic encryption. It supports the BGV scheme with bootstrapping and the Approximate Number CKKS scheme. HElib also includes optimizations
google/security-research-pocs - Proof-of-concept codes created as part of security research done by Google Security Team.
Dor1s/libfuzzer-workshop - Repository for materials of "Modern fuzzing of C/C++ Projects" workshop.
whdlgp/ARMv6m_Simulator - Simple Simulator of ARMv6m instructions
hidviz/hidviz - A tool for in-depth analysis of USB HID devices communication
x64dbg/x64dbg - An open-source user mode debugger for Windows.優化用於逆向工程和惡意軟件分析。
steven-michaud/HookCase - Tool for reverse engineering macOS/OS X
ele7enxxh/poc-exp - poc or exp of android vulnerability
jackullrich/ShellcodeStdio - An extensible framework for easily writing compiler optimized position independent x86 / x64 shellcode for windows platforms.
Deeplocal/mocktailsmixer - Make a DIY Robotic Mocktails Mixer Powered by the Google Assistant SDK
richkmeli/Richkware - Framework for building Windows malware, written in C++
lcatro/network_backdoor_scanner - This is a backdoor about discover network device ,and it can hidden reverse connecting the hacker's server with encrypt commuication 后渗透后门程序,适合在已经攻陷的内网中做下一步的网络信息扫描..
secrary/InfectPE - InfectPE - Inject custom code into PE file [This project is not maintained anymore]
lcatro/SISE_Traning_CTF_RE - SNST Traning RE Project .华软网络安全小组逆向工程训练营,尝试以CTF 的形式来使大家可以动手训练快速提升自己的逆向工程水平.CTF 的训练程序又浅到深,没有使用太复杂的算法,在逆向的过程中遇到的难关都是在分析病毒和破解中遇到的实际情况,注重于实用.训练营还包含有源代码文件,训练程序和思路.希望可以帮助小伙伴们入门逆向工程这个神奇的世界..
microsoft/CNTK - Microsoft Cognitive Toolkit (CNTK), an open source deep-learning toolkit
StevenHickson/PiAUISuite - Raspberry PI AUI Suite
hteso/iaito - This project has been moved to:
DimitriFourny/koalaOS - x86 Microkernel
silverf0x/RpcView - RpcView is a free tool to explore and decompile Microsoft RPC interfaces
cinience/RedisStudio - RedisStudio Redis GUI client(tool) for windows
yanyiwu/simhash - 中文文档simhash值计算
cmake
TheLartians/ModernCppStarter - Kick-start your C++!使用CMAKE,CI,代碼覆蓋範圍,Clang-Format,可重現的依賴關係管理等的現代C ++項目模板。
pothosware/PothosSDR - Pothos SDR windows development environment
paulbricman/dual-obsidian-client - A skilled virtual assistant for Obsidian.
paranoidninja/O365-Doppelganger - A quick handy script to harvest credentials off of a user during a Red Team and get execution of a file from the user
LimberDuck/nessus-cheat-sheet - Nessus Cheat Sheet in HTML, PDF, PNG, ADOC
P0cL4bs/Nanobrok - Web Service write in Python for control and protect your android device remotely.
opensec-cn/conote-community - Conote 综合安全测试平台社区版。
du33169/typora-theme-essay_cn - a theme for Typora(a markdown editor), designed for chinese essay
primary-theme/obsidian - Comfy, playful but productive theme for Obsidian. "Primary instantly puts you in a relaxed state that opens the door to creativity and exploration. Wonderfully executed down to the smallest details,"
lbc-team/deep_ethereum - 电子书:以太坊技术与实现
Pithus/bazaar - Android security & privacy analysis for the masses
abhijithb200/investigator - An online handy-recon tool
nccgroup/Solitude - Solitude is a privacy analysis tool that enables anyone to conduct their own privacy investigations. Whether a curious novice or a more advanced researcher, Solitude makes the process of evaluating us
admin360bug/PHP - PHP训练靶场
hrqmonteiro/joplin-theme - My Joplin theme files, including userchrome.css and userstyles.css, as well as some markdown templates for my notes.
Aneureka/push-to-kindle - A web-based tool for pushing documents to your lovely kindle.
zseano/JS-Scan - a .js scanner, built in php. designed to scrape urls and other info
gwen001/bugbountytips - Webapp to search tips on Twitter through #bugbountytips
varchashva/vPrioritizer - vPrioritizer enables us to understand the contextualized risk (vPRisk) on asset-vulnerability relationship level across the organization, for teams to make more informed decision about what (vulnerabi
mike-goodwin/owasp-threat-dragon-desktop - An installable desktop variant of OWASP Threat Dragon
leonjza/frida-boot - Frida Boot ?- A binary instrumentation workshop, with Frida, for beginners!
ajinabraham/nodejsscan - nodejsscan is a static security code scanner for Node.js applications.
yingshang/banruo -
zsxsoft/my-ctf-challenges - My CTF Challenges
curtbraz/PhishAPI - Comprehensive Web Based Phishing Suite for Rapid Deployment and Real-Time Alerting!
sp4rkw/Reaper - 一款用于src资产信息收集的工具
pythonran/Pcap_tools - 网络流量可配置嗅探,流量包解析,漏洞规则扫描
weev3/LKWA - Lesser Known Web Attack Lab
wultra/powerauth-docker - Docker images for PowerAuth 2.0 Software
nowsecure/secure-mobile-development - A Collection of Secure Mobile Development Best Practices
josherich/repo-to-pdf - repository to pdf
varkai/hugo-theme-zozo - ? A simple and beautiful theme for Hugo
Area39/Webug4.0-Docker - Docker版本的Webug4.0
theme-nexmoe/hexo-theme-nexmoe - A special Hexo theme focusing on pictures and images. Images tell stories, and Nexmoe makes them more vivid.
UndeadSec/SocialFish - Phishing Tool & Information Collector
appsecco/using-docker-kubernetes-for-automating-appsec-and-osint-workflows - Repository for all the workshop content delivered at nullcon X on 1st of March 2019
w-digital-scanner/w12scan - A simple asset discovery engine for cybersecurity. (网络资产发现引擎)
w-digital-scanner/w11scan - 分布式WEB指纹识别平台 Distributed WEB fingerprint identification platform
710leo/ZVulDrill - Web漏洞演练平台
nizarmah/tintedarc - An XFCE custom arc and tint2 auto-themer, voila you have yourself a nice theme
luodaoyi/CloudFlarePartner - CloudFlare partner website with python and flask
vinceliuice/Vimix-gtk-themes - Vimix is a flat Material Design theme for GTK 3, GTK 2 and Gnome-Shell etc.
ProgrammingFonts/ProgrammingFonts - This is a collection of programming fonts, just share this with the programmers. Now there are 108 kinds of fantastic fonts!
FunctionClub/V2ray.Fun - 正在开发的全新 V2ray.Fun
hashview/hashview-old - A web front-end for password cracking and analytics
houshanren/hangzhou_house_knowledge - 2017年买房经历总结出来的买房购房知识分享给大家,希望对大家有所帮助。买房不易,且买且珍惜。Sharing the knowledge of buy an own house that according to the experience at hangzhou in 2017 to all the people. It's not easy to buy a own house, so I
rmusser01/Infosec_Reference - An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.
jbtronics/CrookedStyleSheets - Webpage tracking only using CSS (and no JS)
cheng-kang/wildfire - From a little spark may burst a flame.
programster/Apaxy - A simple, customisable theme for your Apache directory listing.
ronggang/transmission-web-control - 一个 Transmission 浏览器管理界面。Transmission Web Control is a custom web UI.
caspartse/QQ-Groups-Spider - QQ Groups Spider(QQ 群爬虫)
justdeleteme/justdelete.me - A directory of direct links to delete your account from web services.
chaynHQ/diy-online-privacy-starter - Chayn's Do It Yourself Online Safety guide helps women keep their online accounts and social profiles secure against harassment, and stalkers. This guide is open source.
malaohu/Arukas-API - Arukas API 自动获取IP和端口,SSR服务器订阅,Arukas 监测启动
sunnyyoung/Farbox-NexT - A hexo theme NexT for Farbox.
zhangjikai/gitbook-use - 记录GitBook的一些配置及插件信息
wentin/cssicon - icon set made with pure css code, no dependencies, "grab and go" icons
Tencent/tmt-workflow - A web developer workflow used by WeChat team based on Gulp, with cross-platform supported and solutions prepared.
advanced-security/codeql-queries - [Deprecated] GitHub's Field Team's CodeQL Custom Queries, Suites, and Configurations. See GitHubSecurityLab/CodeQL-Community-Packs instead
ice-doom/CodeQLRule - 个人使用CodeQL编写的一些规则
synacktiv/QLinspector - Finding Java gadget chains with CodeQL
safe6Sec/CodeqlNote - Codeql学习笔记
cldrn/codeql-queries - My CodeQL queries collection
pwntester/codeql_grehack_workshop - GreHack 2021 CodeQL for Java workshop
AppFlowy-IO/AppFlowy - Bring projects, wikis, and teams together with AI. AppFlowy is an AI collaborative workspace where you achieve more without losing control of your data. The best open source alternative to Notion.
TunMax/canal - 一个开箱即用的 http / socks5 代理(基于 Cloudflare WARP)/ Setting Up an Out of Box HTTP/SOCKS5 Proxy with Cloudflare WARP in Docker
dr0n1/CTF_Docker_Template - CTF docker部署模板
akkuman/docker-awvs - 可便捷配置账号密码apikey的docker-awvs
teamssix/twiki - T Wiki 云安全知识文库,可能是国内首个云安全知识文库?
p0dalirius/Awesome-RCE-techniques - Awesome list of step by step techniques to achieve Remote Code Execution on various apps!
aress31/docker_burp-enterprise - Attempt at dockerizing Burp Enterprise v2022.4.
n0madic/nmap-vulners-vulscan - Docker image for advanced vulnerability scanning with Nmap NSE scripts
sonnyyu/docker-nmap - Nmap is utility for network discovery and security auditing
xiecat/sec-docker - 常用安全工具 docker镜像 自动更新仓库
geerlingguy/docker-ubuntu2204-ansible - Ubuntu 22.04 LTS (Jammy Jellyfish) Docker container for Ansible playbook and role testing.
puzzlepeaches/sneaky_proxy - Hiding your infrastructure from the boys in blue.
RAJANAGORI/Nightingale - It's a Docker Environment for Pentesting which having all the required tool for VAPT.
ericmjl/essays-on-data-science - In which I put together my thoughts on the practice of data science.
Yogehi/Drozer-Docker -
caphosra/CTFDocker - This is a docker image for Capture The Flag and many useful and famous tools are on this image.
jumpserver/Dockerfile - JumpServer all in one Dockerfile
Cl0udG0d/AWDDocker - 标准化AWD靶场Docker
eikendev/java-decompiler - A Docker image with four popular Java decompilers in one place (CFR, Fernflower, Krakatau, and Procyon) ?
phith0n/phpsrc-debug-docker - Debug environment for PHP inside a Docker container. Document waiting to be completed.
sherifabdlnaby/elastdocker - ? Elastic Stack (ELK) v8+ on Docker with Compose. Pre-configured out of the box to enable Logging, Metrics, APM, Alerting, ML, and SIEM features. Up with a Single Command.
mablanco/docker-reconftw - Docker image for reconftw, a simple script intended to perform a full recon on an objective with multiple subdomains
rosehgal/k8s-In-30Mins - Learn how to set up the Kubernetes cluster in 30 mins and deploy the application inside the cluster.
parzel/Damn-Vulnerable-WooCommerce-Plugins - This is a docker environment ready set up for multiple WooCommerce Plugin vulnerabilities.
himazawa/bento - Bento Toolkit is a minimal fedora-based container for penetration tests and CTF with the sweet addition of GUI applications.
lazychanger/docker-kunlun-mirror - 昆仑镜docker镜像
Swordfish-Security/Pentest-In-Docker - Docker image to exploit RCE, try for pentest methods and test container security solutions (trivy, falco and etc.)
evi0s/Openresty-WAF - Openresty with WAF installed
mozilla/docker-sbt - Dockerfile for sbt (Scala build tool)
drandin/docker-php-workspace - PHP development environment for Docker
zjuchenyuan/dockerized_fuzzing - Run fuzzing experiments in Docker
heroku/bheu19-attacking-cloud-builds - Slides, Cheatsheet and Resources from our Blackhat EU talk
AlexisAhmed/BugBountyToolkit - A multi-platform bug bounty toolkit that can be installed on Debian/Ubuntu or set up with Docker.
madhuakula/hacker-container - The Swiss Army Container for Cloud Native Security. Container with all the list of useful tools/commands while hacking and securing Containers, Kubernetes Clusters, and Cloud Native workloads.
hysnsec/awesome-threat-modelling - A curated list of threat modeling resources (Books, courses - free and paid, videos, tools, tutorials and workshops to practice on ) for learning Threat modeling and initial phases of security review.
FingerLeakers/docker-inurlbr - Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found. http://blog.inurl.c
Xyphex/docker-mara-framework - Unofficial Docker image for MARA Framework
OWASP/wstg - The Web Security Testing Guide is a comprehensive Open Source guide to testing the security of web applications and web services.
Eadom/ctf_xinetd - A docker repository for deploying pwnable challenges in CTF
ferrarimarco/docker-pxe - A virtualized implementation of PXE supported by DNSMasq
laradock/laradock - Full PHP development environment for Docker.
e3net/rapidscan-docker - Docker image of rapidscan
nVentiveUX/docker-ttrss - A multiarch docker image for Tiny Tiny RSS feed reader
davevs/dvxte - Damn Vulnerable eXtensive Training Environment
hitian/docker-shadowsocks-with-simple-obfs - shadowsocks-libev with simple-obfs
khs1994-docker/lnmp - ? ? ? ? Start Docker LNMP(LEMP) In less than 2 minutes Powered by Docker Compose. 讓 PHP 開發者快速(一鍵)搭建基於容器技術(Docker、Kubernetes)的開發、測試、生產(CI/CD by Drone)
linuxserver/docker-transmission -
diameter/rtorrent-rutorrent - Docker container with supervisor/rtorrent/nginx/ruTorrent 64/32 bit
MyKings/docker-vulnerability-environment - Use the docker to build a vulnerability environment
vulhub/Dockertools - Some tools based on docker
luodaoyi/kms-server - a docker image for kms
johackim/docker-hacklab - My personal hacklab, create your own.
vulhub/vulhub - Pre-Built Vulnerable Environments Based on Docker-Compose
mikesplain/openvas-docker - A Docker container for Openvas
emacs lisp
jinzhu/configure - My dot files for Emacs, Openbox, XMonad, VIM, Golang, Zsh/Bash, tmux, URXVT, ArchLinux, Git, Ruby/Rails, Xbindkey, Vrome...
Erlang
kudelskisecurity/scannerl - The modular distributed fingerprinting engine
F#
microsoft/rest-api-fuzz-testing - REST API Fuzz Testing (RAFT): Source code for self-hosted service developed for Azure, including the API, orchestration engine, and default set of security tools (including MSR's RESTler), that enable
jmhickman/Fetters - Port of Seatbelt in F#
流利
janeczku/calibre-web - Web app for browsing, reading and downloading eBooks stored in a Calibre database
freemarker
API-Security/APISandbox - Pre-Built Vulnerable Multiple API Scenarios Environments Based on Docker-Compose.
去
t94j0/gophish-notifier - Notification webhook for GoPhish
berryalen02/PECracker - 针对PE文件的分离的攻防对抗工具,红队、研究者的好帮手。目前支持文件头伪装、证书区段感染。A no-kill confrontation tool for the separation of PE files, a good helper for red teams and researchers. Currently, file header spoofing and certificate s
sspsec/Spear - 基于GO的渗透工具箱框架
HackAllSec/hfinger - 一个用于web框架、CDN和CMS指纹识别的高性能命令行工具。A high-performance command-line tool for web framework, CDN and CMS fingerprinting.
hanbufei/isCdn - 检查一个ip是否在cdn范围内
bytedance/vArmor - vArmor is a cloud native container sandbox system based on AppArmor/BPF/Seccomp. It also includes multiple built-in protection rules that are ready to use out of the box.
wgpsec/EndpointSearch - EndpointSearch 是一个探测云服务端点的扫描器。Endpoint Search is a sophisticated reconnaissance utility designed to discreetly identify and enumerate endpoints within cloud services.
yhy0/Jie - Jie stands out as a comprehensive security assessment and exploitation tool meticulously crafted for web applications. Its robust suite of features encompasses vulnerability scanning, information gath
youki992/VscanPlus - [VscanPlus内外网漏洞扫描工具]已更新HW热门漏洞检测POC。基于veo师傅的漏扫工具vscan二次开发的版本,端口扫描、指纹检测、目录fuzz、漏洞扫描功能工具,批量快速检测网站安全隐患。An open-source, cross-platform website vulnerability scanning tool that helps you quickly detect web
redhuntlabs/BucketLoot - BucketLoot is an automated S3-compatible bucket inspector that can help users extract assets, flag secret exposures and even search for custom keywords as well as Regular Expressions from publicly-exp
STRRL/cloudflare-tunnel-ingress-controller - Expose the website directly into the internet! The Kuberntes Ingress Controller based on Cloudflare Tunnel.
adeljck/QAX_VPN_Crack - 奇安信VPN任意用户密码重置
chaitin/blazehttp - BlazeHTTP 是一款简单易用的 WAF 防护效果测试工具。BlazeHTTP stands as a user-friendly WAF protection efficacy evaluation tool.
kost/chashell - Chashell is a Go reverse shell that communicates over DNS. It can be used to bypass firewalls or tightly restricted networks.
zan8in/pyxis - pyxis can automatically identify http and https requests, and get response headers, status codes, response size, response time, tools for fingerprinting (favicon has, service, CMS, framework, etc.)
dhn/udon - A simple tool that helps to find assets/domains based on the Google Analytics ID.
musana/mx-takeover - mx-takeover focuses DNS MX records and detects misconfigured MX records.
google/kctf - kCTF is a Kubernetes-based infrastructure for CTF competitions. For documentation, see
TD0U/WeaverScan - 泛微oa漏洞利用工具
optiv/Ivy - Ivy is a payload creation framework for the execution of arbitrary VBA (macro) source code directly in memory. Ivy's loader does this by utilizing programmatical access in the VBA object environment t
trickest/mkpath - Make URL path combinations using a wordlist
getanteon/anteon - Anteon (formerly Ddosify) - Effortless Kubernetes Monitoring and Performance Testing. Available on CLI, Self-Hosted, and Cloud
kubesphere/kubeeye - KubeEye aims to find various problems on Kubernetes, such as application misconfiguration, unhealthy cluster components and node problems.
edoardottt/csprecon - Discover new target domains using Content Security Policy
wgpsec/CreateHiddenAccount - A tool for creating hidden accounts using the registry || 一个使用注册表创建隐藏帐户的工具
c3l3si4n/godeclutter - Declutters URLs in a fast and flexible way, for improving input for web hacking automations such as crawlers and vulnerability scans.
RedTeamPentesting/pretender - Your MitM sidekick for relaying attacks featuring DHCPv6 DNS takeover as well as mDNS, LLMNR and NetBIOS-NS spoofing.
redhuntlabs/HTTPLoot - An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites.
j5s/accelerator - Use Golang to batch analyze class files for Java security research
ofasgard/ungoliant - A web reconnaissance tool that proxies its results through Burp or ZAP.
patrickhener/gonh - Nessus Parser and query tool written in go
wikiZ/RedGuard - RedGuard is a C2 front flow control tool,Can avoid Blue Teams,AVs,EDRs check.
alexbakker/log4shell-tools - Tool that runs a test to check whether one of your applications is affected by the recent vulnerabilities in log4j: CVE-2021-44228 and CVE-2021-45046
kubernetes/minikube - Run Kubernetes locally
tangxiaofeng7/zsxq_notice - 知识星球提醒
GDATASoftwareAG/vaas - Verdict-as-a-Service SDKs: Analyze files for malicious content
zan8in/afrog - A Security Tool for Bug Bounty, Pentest and Red Teaming.
deatil/lakego-admin - lakego-admin 是使用 gin、JWT 和 RBAC 的前后端分离的 go 后台管理系统。An admin api system with gin, JWT and RBAC.
yarox24/EvtxHussar - Initial triage of Windows Event logs
chroblert/jishell - jishell - A powerful modern CLI and SHELL,with a msfconsole-like style
optionalCTF/SSOh-No - User enumeration and password spraying tool for testing Azure AD
openclarity/openclarity - OpenClarity is an open source tool built to enhance security and observability of cloud native applications and infrastructure
j3ssie/cdnstrip - Striping CDN IPs from a list of IP Addresses
ferreiraklet/airixss - Finding XSS during recon
chaosblade-io/chaosblade - An easy to use and powerful chaos engineering experiment toolkit.(阿里巴巴开源的一款简单易用、功能强大的混沌实验注入工具)
fuxiaohei/pugo - a simple site generator
hakluke/hakip2host - hakip2host takes a list of IP addresses via stdin, then does a series of checks to return associated domain names.
yuyan-sec/RedisEXP - Redis 漏洞利用工具
lal0ne/vulnerability - 收集、整理、修改互联网上公开的漏洞POC
google/licensecheck - The licensecheck package classifies license files and heuristically determines how well they correspond to known open source licenses.
threatcl/threatcl - Documenting your Threat Models with HCL
utkusen/wholeaked - a file-sharing tool that allows you to find the responsible person in case of a leakage
corazawaf/coraza - OWASP Coraza WAF is a golang modsecurity compatible web application firewall library
firefart/stunner - Stunner is a tool to test and exploit STUN, TURN and TURN over TCP servers.
common-fate/granted - The easiest way to access your cloud.
timwhitez/gobusterdns - lite version of gobuster. Only subdomain brute. 内网轻量化子域名爆破工具
brentp/gargs - better(?) xargs in go
ZhuriLab/Starmap - 一个轮子融合的子域名收集小工具
utkusen/socialhunter - crawls the website and finds broken social media links that can be hijacked
bonjourmalware/melody - Melody is a transparent internet sensor built for threat intelligence. Supports custom tagging rules and vulnerable application simulation.
ferreiraklet/Jeeves - Jeeves SQLI Finder
codeyourweb/fastfinder - Incident Response - Fast suspicious file finder
deepfence/PacketStreamer - Distributed tcpdump for cloud native environments
tmoneypenny/conspirator - An enhanced collaborator-like standalone server
takshal/freq - This is go CLI tool for send fast Multiple get HTTP request.
MrTuxx/OffensiveGolang - A collection of offensive Go packages inspired by different Go repositories.
mytechnotalent/turbo-attack - A turbo traffic generator pentesting tool to generate random traffic with random MAC and IP addresses in addition to random sequence numbers to a particular IP and port.
mitchellh/golicense - Scan and analyze OSS dependencies and licenses from compiled Go binaries
alist-org/alist - A file list/WebDAV program that supports multiple storages, powered by Gin and Solidjs. / 一个支持多存储的文件列表/WebDAV程序,使用 Gin 和 Solidjs。
damit5/gitdorks_go - 一款在github上发现敏感信息的自动化收集工具
s0md3v/Smap - a drop-in replacement for Nmap powered by shodan.io
ahhh/Ducky_Maker - A fun script to teach automation and create ducky scripts, from existing scripts or ASCII art files
lithammer/fuzzysearch - ? Tiny and fast fuzzy search in Go
murphysecurity/murphysec - An open source tool focused on software supply chain security. 墨菲安全专注于软件供应链安全,具备专业的软件成分分析(SCA)、漏洞检测、专业漏洞库。
pry0cc/tew - A quick 'n dirty nmap parser written in Golang to convert nmap xml to IP:Port notation.
binodlamsal/zerophish - Zero phish phishing simulated platform
YaoApp/yao - A performance app engine to create web services and applications in minutes.Suitable for AI, IoT, Industrial Internet, Connected Vehicles, DevOps, Energy, Finance and many other use-cases.
Azure/AzureDefender-K8S-InClusterDefense -
hudangwei/codemillx - codemillx is a tool for CodeQL, extract the comments in the code and generate codeql module. 强化Go开源项目安全检测(内含开源项目漏洞挖掘方法)
zombiezen/go-sqlite - Low-level Go interface to SQLite 3
j3ssie/sdlookup - IP Lookups for Open Ports and Vulnerabilities from internetdb.shodan.io
google/log4jscanner - A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.
xiecat/fofax - FOFAX是一个基于fofa.info的API命令行查询工具
Hackmanit/Web-Cache-Vulnerability-Scanner - Web Cache Vulnerability Scanner is a Go-based CLI tool for testing for web cache poisoning. It is developed by Hackmanit GmbH (http://hackmanit.de/).
ariary/TrojanSourceFinder - ? Help find Trojan Source vulnerability in code ? 。 Useful for code review in project with multiple collaborators (CI/CD)
1ultimat3/tld-scan - Top level domain scanner in Go
ravro-ir/log4shell-looker - log4jshell vulnerability scanner for bug bounty
N0MoreSecr3ts/wraith - Uncover forgotten secrets and bring them back to life, haunting security and operations teams.
panjf2000/gnet - gnet is a high-performance, lightweight, non-blocking, event-driven networking framework written in pure Go.
freshcn/qqwry - 纯真ip库的golang服务
wolfeidau/golang-massl - Simple examples of configuring mutual authentication (MASSL)
LeakIX/l9fuzz - Help fuzz various protocols and waits for ping backs Integrates LDAP server and JNDI payload
hupe1980/scan4log4shell - Scanner to send specially crafted requests and catch callbacks of systems that are impacted by log4j log4shell vulnerability and to detect vulnerable log4j versions on your local file-system
nodauf/GoMapEnum - User enumeration and password bruteforce on Azure, ADFS, OWA, O365, Teams and gather emails on Linkedin
ariary/fileless-xec - Stealth dropper executing remote binaries without dropping them on disk .(HTTP3 support, ICMP support, invisible tracks, cross-platform,...)
mmcdole/gofeed - Parse RSS, Atom and JSON feeds in Go
palantir/log4j-sniffer - A tool that scans archives to check for vulnerable log4j versions
0xInfection/LogMePwn - A fully automated, reliable, super-fast, mass scanning and validation toolkit for the Log4J RCE CVE-2021-44228 vulnerability.
proferosec/log4jScanner - log4jScanner provides the ability to scan internal subnets for vulnerable log4j web services
40a/go-powershell - Go wrapper for running PowerShell sessions
containers/podman - Podman: A tool for managing OCI containers and pods.
AD-Team/grafanaExp - A exploit tool for Grafana Unauthorized arbitrary file reading vulnerability (CVE-2021-43798), it can burst plugins / extract secret_key / decrypt data_source info automatic.
imgproxy/imgproxy - Fast and secure standalone server for resizing and converting remote images
dvyukov/go-fuzz - Randomized testing for Go
0xInfection/PewSWITCH - A FreeSWITCH specific scanning and exploitation toolkit for CVE-2021-37624 and CVE-2021-41157.
krishpranav/webinfo - A web information gathering tool made in go - DNS / Subdomains / Ports / Directories enumeration
lord3ver/gctsubdomains - Discover subdomains in Certificate Transparency logs using Google's Transparency Report
byt3hx/gup - gup aka Get All Urls parameters to create wordlists for brute forcing parameters.
lanyi1998/DNSlog-GO - DNSLog-GO 是一款golang编写的监控 DNS 解析记录的工具,自带WEB界面 / DNSLog-GO is a monitoring tool written in Golang that monitors DNS resolution records. It comes with a web interface.
redtoolskobe/scaninfo - fast scan for redtools
tomatome/grdp - pure golang rdp protocol
code-scan/AutoSubtitles -
zyylhn/zscan - Zscan a scan blasting tool set
zema1/yarx - An awesome reverse engine for xray poc. | 一個自動化根據 xray poc 生成對應靶站的工具
NetSPI/goddi - goddi (go dump domain info) dumps Active Directory domain information
botherder/androidqf - androidqf (Android Quick Forensics) helps quickly gathering forensic evidence from Android devices, in order to identify potential traces of compromise.
box/kube-applier - kube-applier enables automated deployment and declarative configuration for your Kubernetes cluster.
lal0ne/monitor - 监控网站目录下的文件变更,通过钉钉机器人发送告警。
HopopOps/k8s-ldap-auth - Kubernetes webhook token authentication plugin implementation using ldap.
mutagen-io/mutagen - Fast file synchronization and network forwarding for remote development
p4gefau1t/trojan-go - Go实现的Trojan代理,支持多路复用/路由功能/CDN中转/Shadowsocks混淆插件,多平台,无依赖。A Trojan proxy written in Go. An unidentifiable mechanism that helps you bypass GFW. https://p4gefau1t.github.io/trojan-go/
Maka8ka/NGLite - A major platform RAT Tool based by Blockchain/P2P.Now support Windows/Linux/MacOS
lwch/natpass - 居家办公,远程开发神器
akkuman/gSigFlip - A SigFlip implement in golang
IngoKl/HTTPUploadExfil - A simple HTTP server for delivering and exfiltrating files/data during, for example, CTFs.
looCiprian/GC2-sheet - GC2 is a Command and Control application that allows an attacker to execute commands on the target machine using Google Sheet or Microsoft SharePoint List and exfiltrate files using Google Drive or Mi
FourCoreLabs/EDRHunt - Scan installed EDRs and AVs on Windows
openrdap/rdap - RDAP command line client
Shu1L/avbypass - 简单go加载器实现免杀360 火绒
glebarez/cero - Scrape domain names from SSL certificates of arbitrary hosts
knes1/elktail - Command line utility to query, search and tail EL (elasticsearch, logstash) logs
mhmdiaa/chronos - Wayback Machine OSINT Framework
un4gi/fave - Search for vulnerabilities and exposures while filtering based on age, keywords, and other parameters.
kirides/screencapture - This repository has been moved to https://github.com/kirides/go-d3d
fuzz7j/cDogScan - 多服务口令爆破、内网常见服务未授权访问探测,端口扫描
ariary/QueenSono - Golang binary for data exfiltration with ICMP protocol (+ ICMP bindshell, http over ICMP tunneling, ...)
sh4hin/GoPurple - Yet another shellcode runner consists of different techniques for evaluating detection capabilities of endpoint security solutions
raverrr/plution - Prototype pollution scanner using headless chrome
Rvn0xsy/red-tldr - red-tldr is a lightweight text search tool, which is used to help red team staff quickly find the commands and key points they want to execute, so it is more suitable for use by red team personnel wit
akkuman/EvilEye - A BeaconEye implement in Golang. It is used to detect the cobaltstrike beacon from memory and extract some configuration.
galli-leo/emmutaler - A set of tools for fuzzing SecureROM. Managed to find and trigger checkm8.
lucaslorentz/caddy-docker-proxy - Caddy as a reverse proxy for Docker
yunginnanet/prox5 - ? SOCKS5/4/4a ? validating proxy pool and upstream SOCKS5 server for ? LOLXDsoRANDum connections ?
BishopFox/dufflebag - Search exposed EBS volumes for secrets
drosseau/degob - Go library/tool for viewing and reversing Go gob data [Moved to GitLab]
0xERR0R/blocky - Fast and lightweight DNS proxy as ad-blocker for local network with many features
xjasonlyu/tun2socks - tun2socks - powered by gVisor TCP/IP stack
o8oo8o/WebSSH - 功能强大,Go 实现的一个WebSSH,支持文件上传下载
xiecat/goblin - 一款适用于红蓝对抗中的仿真钓鱼系统
CasperGN/GoHead - Get interesting http headers, internal IPs, possible endpoints from target(s) and search JS files for juicy info
harleo/knockknock - A simple reverse whois lookup tool which returns a list of domains owned by people or companies
MPaandeey/dlevel - A tool get level of subdomain from 1....n
i5nipe/nipejs - Simplify your life with leak detection in JavaScript. NipeJS streamlines the use of regex, making it effortless to uncover potential leaks.
un4gi/dirtywords - A targeted word list generation tool
FleexSecurity/fleex - Fleex makes it easy to create multiple VPS on cloud providers and use them to distribute workloads.
0xTeles/jsleak - a Go code to detect leaks in JS files via regex patterns
cryonayes/GoFilter - A tool to filter URLs by parameter count or size
thelikes/fuzznav - parse ffuf & map endpoints to wordlists
dqcostin/fxr - 使用fscan联动Xray
slimtoolkit/slim - Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source)
desertbit/grumble - A powerful modern CLI and SHELL
praetorian-inc/gokart - A static analysis tool for securing Go code
Tylous/SourcePoint - SourcePoint is a C2 profile generator for Cobalt Strike command and control servers designed to ensure evasion.
timwhitez/doge-getsys - An easy way to getsystem by golang.
binwiederhier/replbot - Slack/Discord bot for running interactive REPLs and shells from a chat.
sanity-io/litter - Litter is a pretty printer library for Go data structures to aid in debugging and testing.
h0x0er/andromanifest - AndroidManifest.xml parser written in go
krishpranav/sshpot - A simple ssh honey pot, fake ssh server that lets anyone to connect and monitor their activty
ContainerSSH/ContainerSSH - ContainerSSH: Launch containers on demand
goodwithtech/dockle - Container Image Linter for Security, Helping build the Best-Practice Docker Image, Easy to start
saferwall/saferwall - ☁️ Collaborative Malware Analysis Platform at Scale
kube-tarian/tarian - Protect your Cloud Native Applications running on Kubernetes from malicious attacks with pre-registered source code, pre-registered runtime processes monitoring, automated actions based on configure-a
perlogix/cmon - NIST Information Security Continuous Monitoring (ISCM) and configuration baseline data collector
VerSprite/alpnpass - This tool will listen on a given port, strip SSL encryption, forward traffic through a plain TCP proxy, then encrypt the returning traffic again and send it to the target of your choice. Unlike most S
endorama/devid - Securely manage your developer personas
aveyuan/icpquery - ICP备案查询库
gofiber/fiber - ⚡️ Express inspired web framework written in Go
iiiusky/webrtc-proxy - 反向代理+webrtc 神不知鬼不觉的获取真实IP
EatonChips/wsh - Web shell generator and command line interface.
k0kubun/pp - Colored pretty printer for Go language
Rvn0xsy/goDomain - Windows活动目录中的LDAP信息收集工具
Ne0nd0g/merlin - Merlin is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in golang.
Dc4ts/ChangeTower - ChangeTower is intended to help you watch changes in webpages and get notified of any changes written in Go
Ne0nd0g/go-shellcode - A repository of Windows Shellcode runners and supporting utilities. The applications load and execute Shellcode using various API calls or techniques.
hueristiq/xurlfind3r - A command-line interface (CLI) based passive URLs discovery utility. It is designed to efficiently identify known URLs of given domains by tapping into a multitude of curated online passive sources.
capnspacehook/taskmaster - Windows Task Scheduler Library for Go
banzaicloud/dast-operator - Dynamic Application and API Security Testing
jeessy2/ddns-go - Simple and easy to use DDNS.支持Aliyun,Tencent Cloud,DNSpod,Cloudflare,Callback,Huawei Cloud,Baidu Cloud,Porkbun,Godaddy,Namecheap,Nameilo ...
haochen233/socks5 - A Go library about socks5, supports all socks5 commands. That Provides server and client and easy to use. Compatible with socks4 and socks4a.
koho/frpmgr - Windows 平台的 FRP GUI 客户端 / A user-friendly desktop GUI client for FRP on Windows.
daffainfo/Git-Secret - Go scripts for finding sensitive data like API key / some keywords in the github repository
benmanns/goworker - goworker is a Go-based background worker that runs 10 to 100,000* times faster than Ruby-based workers.
fullstorydev/grpcurl - Like cURL, but for gRPC: Command-line tool for interacting with gRPC servers
miku/esbulk - Bulk indexing command line tool for elasticsearch.
For-ACGN/MS17-010 - An EternalBlue exploit implementation in pure go
cockroachdb/pebble - RocksDB/LevelDB inspired key-value database in Go
derekparker/delve - Delve is a debugger for the Go programming language.
m-mizutani/octovy - Trivy based vulnerability management service
inspiringz/fofa - 一款 Go 语言编写的小巧、简洁、快速采集 fofa 数据导出到 Excel 表单的小工具。
Li4n0/revsuit - RevSuit is a flexible and powerful reverse connection platform designed for receiving connection from target host in penetration.
nicocha30/ligolo-ng - An advanced, yet simple, tunneling/pivoting tool that uses a TUN interface.
projectdiscovery/simplehttpserver - Go alternative of python SimpleHTTPServer
Josue87/roboxtractor - Extract endpoints marked as disallow in robots files to generate wordlists.
daffainfo/Key-Checker - Go scripts for checking API key / access token validity
lkarlslund/Adalanche - Active Directory ACL Visualizer and Explorer - who's really Domain Admin? (Commerical versions available from NetSection)
kleiton0x00/ppmap - A scanner/exploitation tool written in GO, which leverages client-side Prototype Pollution to XSS by exploiting known gadgets.
allyomalley/dnsobserver - A handy DNS service written in Go to aid in the detection of several types of blind vulnerabilities. It monitors a pentester's server for out-of-band DNS interactions and sends lookup notifications vi
Ullaakut/Gorsair - Gorsair gives root access on remote docker containers that expose their APIs
redcode-labs/neurax - A framework for constructing self-spreading binaries
aktsk/ipa-medit - Memory modification tool for re-signed ipa supports iOS apps running on iPhone and Apple Silicon Mac without jailbreaking.
immunIT/TeamsUserEnum - User enumeration with Microsoft Teams API
txthinking/tun2brook - Proxy all traffic just one line command. tun2socks, tun2brook. IPv4 and IPv6, TCP and UDP.
ThreeDotsLabs/watermill - Building event-driven applications the easy way in Go.
google/cel-spec - Common Expression Language -- specification and binary representation
Fahrj/reverse-ssh - Statically-linked ssh server with reverse shell functionality for CTFs and such
esrrhs/spp - A simple and powerful proxy
daffainfo/bypass-403 - Go script for bypassing 403 forbidden
Maka8ka/Faygo - A major platforms RAT Tools .High scalability.Now support Windows/Linux/MacOS
xm1k3/cent - Community edition nuclei templates, a simple tool that allows you to organize all the Nuclei templates offered by the community in one place
iammaguire/MeetC2 - Modular C2 framework aiming to ease post exploitation for red teamers.
irsl/gcp-dhcp-takeover-code-exec - Google Compute Engine (GCE) VM takeover via DHCP flood - gain root access by getting SSH keys added by google_guest_agent
ethicalhackingplayground/erebus - Erebus is a fast tool for parameter-based vulnerability scanning using a Yaml based template engine like nuclei.
grines/scour -
edoardottt/cariddi - Take a list of domains, crawl urls and scan for endpoints, secrets, api keys, file extensions, tokens and more
wahaha1573/ByPassAVAddUser -
seccome/Ehoney - 安全、快捷、高交互、企业级的蜜罐管理系统,护网;支持多种协议蜜罐、蜜签、诱饵等功能。A safe, fast, highly interactive and enterprise level honeypot management system, supports multiple protocol honeypots, honeytokens, baits and other functions
ccfos/nightingale - An all-in-one observability solution which aims to combine the advantages of Prometheus and Grafana. It manages alert rules and visualizes metrics, logs, traces in a beautiful web UI.
redcode-labs/Coldfire - Golang malware development library
sigstore/cosign - Code signing and transparency for containers and binaries
zu1k/proxypool - Automatically crawls proxy nodes on the public internet, de-duplicates and tests for usability and then provides a list of nodes
tenable/terrascan - Detect compliance and security violations across Infrastructure as Code to mitigate risk before provisioning cloud native infrastructure.
adamyi/CTFProxy - Your ultimate infrastructure to run a CTF, with a BeyondCorp-like zero-trust network and simple infrastructure-as-code configuration.
eikendev/hackenv - Manage and access your Kali Linux or Parrot Security VM from the terminal (SSH support + file sharing, especially convenient during CTFs, Hack The Box, etc.) ?
togettoyou/ipashare - ? share and install your Apple ipa
KCarretto/paragon - Red Team engagement platform with the goal of unifying offensive tools behind a simple UI
spyse-com/go-spyse - The official wrapper for spyse.com API, written in Go, aimed to help developers build their integrations with Spyse.
edoardottt/lit-bb-hack-tools - Little Bug Bounty & Hacking Tools⚔️
kubecost/kubectl-cost - CLI for determining the cost of Kubernetes workloads
ahmetak4n/radar - Scanner for misconfigured DevSecOps or Security tools on internet like SonarQube, GoPhish etc.
TardC/fofadump - A small utility that calls fofa api to download data.
koderover/zadig - Zadig is a cloud native, distributed, developer-oriented DevOps platform
golang/vulndb - [mirror] The Go Vulnerability Database
Josue87/AnalyticsRelationships - Get related domains / subdomains by looking at Google Analytics IDs
umputun/reproxy - Simple edge server / reverse proxy
ipinfo/cli - Official Command Line Interface for the IPinfo API (IP geolocation and other types of IP data)
Sakurasan/scf-proxy - 云函数代理服务
activecm/rita-legacy - Real Intelligence Threat Analytics (RITA) is a framework for detecting command and control communication through network traffic analysis.
Alaa-abdulridha/SerpScan - Serpscan is a powerfull php script designed to allow you to leverage the power of dorking straight from the comfort of your command line.
cyberark/kubesploit - Kubesploit is a cross-platform post-exploitation HTTP/2 Command & Control server and agent written in Golang, focused on containerized environments.
redcode-labs/SNOWCRASH - A polyglot payload generator
nyancrimew/goop - Yet another tool to dump a git repository from a website, focused on as-complete-as-possible dumps and handling weird edge-cases.
glitchedgitz/cook - A wordlist framework to fullfill your kinks with your wordlists. For security researchers, bug bounty and hackers.
rootklt/snowball - fofa+xray vul scan golang
d3mondev/puredns - Puredns is a fast domain resolver and subdomain bruteforcing tool that can accurately filter out wildcard subdomains and DNS poisoned entries.
genkiroid/cert - Cert is the Go tool to get TLS certificate information.
kgoins/ldsview -
Tylous/Limelighter - A tool for generating fake code signing certificates or signing real ones
sw33tLie/bbscope - Scope gathering tool for HackerOne, Bugcrowd, Intigriti, YesWeHack, and Immunefi!
kgretzky/evilginx2 - Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication
muraenateam/muraena - Muraena is an almost-transparent reverse proxy aimed at automating phishing and post-phishing activities.
hakluke/haktrails - Golang client for querying SecurityTrails API data
evilsocket/stork - A small utility that aims to automate and simplify some tasks related to software release cycles.
LearnGolang/365Golang - 《365天深入理解Go语言》Deep understanding of Golang.
daehee/mildew - Dotmil subdomain discovery tool that scrapes domains from official DoD website directories and certificate transparency logs
canc3s/cIPR - 将域名转为ip段权重
staaldraad/turner - SOCKS5 and HTTP over TURN/STUN proxy
joanbono/gap - Google Maps API checker
AdguardTeam/dnsproxy - Simple DNS proxy with DoH, DoT, DoQ and DNSCrypt support
canc3s/cSubsidiary - 利用天眼查查询企业子公司
flavio/kube-image-bouncer - Simple endpoint for the ImagePolicyWebhook and the GenericAdmissionWebhook Kubernetes admission controllers
canc3s/cDomain - 利用天眼查查询企业备案
EgeBalci/amber - Reflective PE packer.
ZupIT/horusec - Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
kitabisa/mubeng - An incredibly fast proxy checker & IP rotator with ease.
hahwul/gee - ? Gee is tool of stdin to each files and stdout. It is similar to the tee command, but there are more functions for convenience. In addition, it was written as go
ryandamour/ssrfuzz - SSRFuzz is a tool to find Server Side Request Forgery vulnerabilities, with CRLF chaining capabilities
gustavorobertux/goshock - SonicWall VPN-SSL Exploit* using Golang ( * and other targets vulnerable to shellshock ).
jaswdr/faker - Ultimate fake data generator for Go with zero dependencies
mehrdadrad/tcpdog - eBPF based TCP observability.
R0X4R/ssrf-tool - An SSRF detector tool written in golang. I have fixed some errors and added some more payloads to it. But the tool credits go to z0idsec.
runZeroInc/recog-go - Recog-Go: Pattern Recognition using Rapid7 Recog
seventh-letter/DictGenerate - 使用Go语言编写的社工字典生成器(The social engineering dictionary generator written by Go)
evilsocket/uroboros - A GNU/Linux monitoring and profiling tool focused on single processes.
cyal1/host_scan - 这是一个用于IP和域名碰撞匹配访问的小工具,旨意用来匹配出渗透过程中需要绑定hosts才能访问的弱主机或内部系统。https://github.com/fofapro/Hosts_scan implement in Go
optiv/ScareCrow - ScareCrow - Payload creation framework designed around EDR bypass.
evilsocket/ditto - A tool for IDN homograph attacks and detection.
juicedata/juicefs - JuiceFS is a distributed POSIX file system built on top of Redis and S3.
doitintl/kubeip - Assign static public IPs to Kubernetes nodes (GKE, EKS)
thibmaek/go-volumio-mqtt-proxy -
JavierOlmedo/ipdiscover - ? A simple tool to obtain long lists of ips from domains using goroutines
bytedance/Elkeid - Elkeid is an open source solution that can meet the security requirements of various workloads such as hosts, containers and K8s, and serverless. It is derived from ByteDance's internal best practices
hahwul/MobileHackersWeapons - Mobile Hacker's Weapons / A collection of cool tools used by Mobile hackers. Happy hacking , Happy bug-hunting
C4o/FBI-Analyzer - A Flexible Log Analysis System Based on Golang and Lua-Plugins. 插件化的准实时日志分析系统。
clevercoder91/Subanser - A simple Golang Script where you provide list of domains you want to check if webserver is running on that port or not . Give it a Try !!
moloch--/denim - Automated compiler obfuscation for nim
alltom/dirgui - turn a directory into a GUI, slash example of VNC-based GUI
gomodules/notify - Send notification via Email, SMS, Chat etc.
0xsapra/fuzzparam -
Charlie-belmer/nosqli - NoSql Injection CLI tool, for finding vulnerable websites using MongoDB.
acme-dns/acme-dns-client - A client software for https://github.com/joohoi/acme-dns
goretk/redress - Redress - A tool for analyzing stripped Go binaries
nytr0gen/deduplicate - Remove duplicate urls from input
edoardottt/scilla - Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
m7shapan/querycsv - QueryCSV enables you to load CSV files and manipulate them using SQL queries then after you finish you can export the new values to a CSV file
tomnomnom/meg - Fetch many paths for many hosts - without killing the hosts
michenriksen/Amass - In-depth Attack Surface Mapping and Asset Discovery
jm33-m0/emp3r0r - Linux/Windows post-exploitation framework made by linux user
assetnote/commonspeak2 - Leverages publicly available datasets from Google BigQuery to generate content discovery and subdomain wordlists
digininja/GitHunter - A tool for searching a Git repository for interesting content
cdk-team/CDK - ? Make security testing of K8s, Docker, and Containerd easier.
rvrsh3ll/RendezvousRAT - Self-healing RAT utilizing libp2p
shadow1ng/fscan - 一款内网综合扫描工具,方便一键自动化、全方位漏扫扫描。
xo/xo - Command line tool to generate idiomatic Go code for SQL databases supporting PostgreSQL, MySQL, SQLite, Oracle, and Microsoft SQL Server
PaddlePaddle/PaddleCloud - PaddlePaddle Docker images and K8s operators for PaddleOCR/Detection developers to use on public/private cloud.
tomnomnom/gron - Make JSON greppable!
uknowsec/keylogger - 键盘记录,支持定时回传
aquasecurity/starboard - Moved to https://github.com/aquasecurity/trivy-operator
ossf/scorecard - OpenSSF Scorecard - Security health metrics for Open Source
k8gege/LadonGo - Ladon for Kali 全平台开源内网渗透扫描器,Windows/Linux/Mac/路由器内网渗透,使用它可轻松一键批量探测C段、B段、A段存活主机、高危漏洞检测MS17010、SmbGhost,远程执行SSH/Winrm,密码爆破SMB/SSH/FTP/Mysql/Mssql/Oracle/Winrm/HttpBasic/Redis,端口扫描服务识别PortScan指纹识别/HttpBa
yolossn/Prometheus-Basics - Prometheus-Basics is part of Prometheus Docs now, checkout ?
RedTeamPentesting/CVE-2020-13935 - Exploit for WebSocket Vulnerability in Apache Tomcat
projectdiscovery/notify - Notify is a Go-based assistance package that enables you to stream the output of several tools (or read from a file) and publish it to a variety of supported platforms.
anchore/grype - A vulnerability scanner for container images and filesystems
Ridter/DomainHiding - external c2 use domainhiding.
timwhitez/Doge-Loader - ?Cobalt Strike Shellcode Loader by Golang
ThreatUnknown/jsubfinder - jsubfinder searches webpages for javascript & analyzes them for hidden subdomains and secrets (wip).
Shivangx01b/BountyIt - A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures
StamusNetworks/gophercap - Accurate, modular, scalable PCAP manipulation tool written in Go.
C-Sto/recursebuster - rapid content discovery tool for recursively querying webservers, handy in pentesting and web application assessments
facebookincubator/nvdtools - A set of tools to work with the feeds (vulnerabilities, CPE dictionary etc.) distributed by National Vulnerability Database (NVD)
hashicorp/waypoint - A tool to build, deploy, and release any application on any platform.
nscuro/fdnssearch - Swiftly search FDNS datasets from Rapid7 Open Data
mergestat/mergestat-lite - Query git repositories with SQL. Generate reports, perform status checks, analyze codebases. ?
nkanaev/yarr - yet another rss reader
sw33tLie/bcscope - Get the scope of your bugcrowd programs
dstotijn/hetty - An HTTP toolkit for security research.
liamg/gitjacker - ? Leak git repositories from misconfigured websites
code-scan/s5_server -
dwisiswant0/go-stare - A fast & light web screenshot without headless browser but Chrome DevTools Protocol!
crowdsecurity/crowdsec - CrowdSec - the open-source and participative security solution offering crowdsourced protection against malicious IPs and access to the most advanced real-world CTI.
incogbyte/quickpress - Small tool to automate SSRF wordpress and XMLRPC finder
RedTeamPentesting/monsoon - Fast HTTP enumerator
harleo/asnip - ASN target organization IP range attack surface mapping for reconnaissance, fast and lightweight
projectdiscovery/mapcidr - Utility program to perform multiple operations for a given subnet/CIDR ranges.
Shpota/goxygen - Generate a modern Web project with Go and Angular, React, or Vue in seconds ?
EddieIvan01/gld - Go shellcode LoaDer
theblackturtle/wildcheck - A simple tool to detect wildcards domain based on Amass's wildcards detector.
dwisiswant0/unew - A tool for append URLs, skipping duplicates/paths & combine parameters.
FiloSottile/age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
schollz/croc - Easily and securely send things from one computer to another ? ?
Ladicle/kubectl-rolesum - Summarize Kubernetes RBAC roles for the specified subjects.
chennqqi/godnslog - An exquisite dns&http log server for verify SSRF/XXE/RFI/RCE vulnerability
ArturSS7/TukTuk - Tool for catching and logging different types of requests.
ethicalhackingplayground/wordlistgen - Generates target specific word lists for Fuzzing with fuff
BishopFox/smogcloud - Find cloud assets that no one wants exposed ? ☁️
containerd/stargz-snapshotter - Fast container image distribution plugin with lazy pulling
ethicalhackingplayground/ssrf-tool -
chroblert/JCRandomProxy - 随机代理
hahwul/jwt-hack - ? jwt-hack is tool for hacking / security testing to JWT. Supported for En/decoding JWT, Generate payload for JWT attack and very fast cracking(dict/brutefoce)
ethicalhackingplayground/dorkX - Pipe different tools with google dork Scanner
ethicalhackingplayground/linkJS -
KathanP19/Gxss - A tool to check a bunch of URLs that contain reflecting params.
mhewedy/vermin - The smart virtual machines manager. A modern CLI for Vagrant Boxes.
dwisiswant0/wadl-dumper - Dump all available paths and/or endpoints on WADL file.
KingOfBugbounty/KingOfBugBountyTips - Our main goal is to share tips from some well-known bughunters. Using recon methodology, we are able to find subdomains, apis, and tokens that are already exploitable, so we can report them. We wish t
FunnyWolf/TFirewall - 防火墙出网探测工具,内网穿透型socks5代理
mitchellh/gox - A dead simple, no frills Go cross compile tool
projectcalico/calico - Cloud native networking and network security
awake1t/PortBrute - 一款跨平台小巧的端口爆破工具,支持爆破FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD / A cross-platform compact port blasting tool that supports blasting FTP/SSH/SMB/MSSQL/MYSQL/POSTGRESQL/MONGOD
nerdswords/yet-another-cloudwatch-exporter - Prometheus exporter for AWS CloudWatch - Discovers services through AWS tags, gets CloudWatch metrics data and provides them as Prometheus metrics with AWS tags as labels
codingo/bbr - An open source tool to aid in command line driven generation of bug bounty reports based on user provided templates.
dwisiswant0/slackcat - A simple way of sending messages from the CLI output to your Slack with webhook.
alexellis/registry-creds - Replicate Kubernetes ImagePullSecrets to all namespaces
dwisiswant0/crlfuzz - A fast tool to scan CRLF vulnerability written in Go
halfrost/LeetCode-Go - ✅ Solutions to LeetCode by Go, 100% test coverage, runtime beats 100% / LeetCode 题解
MilindPurswani/whoxyrm - A reverse whois tool based on Whoxy API.
ameenmaali/wordlistgen - Quickly generate context-specific wordlists for content discovery from lists of URLs or paths
openservicemesh/osm - Open Service Mesh (OSM) is a lightweight, extensible, cloud native service mesh that allows users to uniformly manage, secure, and get out-of-the-box observability features for highly dynamic microser
Masterminds/sprig - Useful template functions for Go templates.
C4o/Juggler - A system that may trick hackers. 针对黑客的拟态欺骗系统。
zu1k/nali - An offline tool for querying IP geographic information and CDN provider. 一个查询IP地理信息和CDN服务提供商的离线终端工具.
hasura/gitkube - Build and deploy docker images to Kubernetes using git push
xct/xc - A small reverse shell for Linux & Windows
impost0r/Misc-Tools - Miscellaneous tools I've developed over the years for help in infosec.
ayoul3/reflect-pe - Reflectively load PE
vmware-archive/octant - Highly extensible platform for developers to better understand the complexity of Kubernetes clusters.
CloudyKit/jet - Jet template engine
moonD4rk/HackBrowserData - Extract and decrypt browser data, supporting multiple data types, runnable on various operating systems (macOS, Windows, Linux).
lunixbochs/usercorn - dynamic binary analysis via platform emulation
he1m4n6a/cve-db - 一个用于生成cve数据库的程序并提供简单的http协议查询接口
sourcegraph/sourcegraph-public-snapshot - Code AI platform with Code Search & Cody
jpillora/chisel - A fast TCP/UDP tunnel over HTTP
paranoidninja/Boomerang - Boomerang is a tool to expose multiple internal servers to web/cloud. Agent & Server are pretty stable and can be used in Red Team for Multiple levels of Pivoting and exposing multiple internal servic
ropnop/kerbrute - A tool to perform Kerberos pre-auth bruteforcing
dwisiswant0/go-dork - The fastest dork scanner written in Go.
hakluke/hakq - A basic golang server/client for distributing tasks over multiple systems.
ctoyan/ponieproxy - Simple proxy which applies filters (default or custom) to your requests and responses, while you browse a website.
cybercdh/kitphishr - A tool designed to hunt for Phishing Kit source code
gokrazy/gokrazy - turn your Go program(s) into an appliance running on the Raspberry Pi 3, Pi 4, Pi 5, Pi Zero 2 W, or amd64 PCs!
aktsk/apk-medit - memory search and patch tool on debuggable apk without root & ndk
sysdream/ligolo - Reverse Tunneling made easy for pentesters, by pentesters https://sysdream.com/
kubernetes-sigs/kustomize - Customization of kubernetes YAML configurations
Static-Flow/gofingerprint - GoFingerprint is a Go tool for taking a list of target web servers and matching their HTTP responses against a user defined list of fingerprints.
aquasecurity/kube-bench - Checks whether Kubernetes is deployed according to security best practices as defined in the CIS Kubernetes Benchmark
D00MFist/Go4aRun - Shellcode runner in GO that incorporates shellcode encryption, remote process injection, block dlls, and spoofed parent process
riza/medusa - Fastest recursive HTTP fuzzer, like a Ferrari.
sunshinev/go-sword - 【Go-sword】可视化CRUD管理后台生成工具
jckuester/awsls - A list command for AWS resources
go-rod/rod - A Chrome DevTools Protocol driver for web automation and scraping.
mailhog/MailHog - Web and API based SMTP testing
kinvolk/lokomotive - ? DISCONTINUED Further Lokomotive development has been discontinued. Lokomotive is a 100% open-source, easy to use and secure Kubernetes distribution from the volks at Kinvolk
stefanoj3/dirstalk - Modern alternative to dirbuster/dirb
sethvargo/go-envconfig - A Go library for parsing struct tags from environment variables.
apache/incubator-seata-go - Go Implementation For Seata
ncarlier/feedpushr - A simple feed aggregator daemon with sugar on top.
michelin/ChopChop - ChopChop is a CLI to help developers scanning endpoints and identifying exposition of sensitive services/files/folders.
projectdiscovery/httpx - httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.
lesnuages/go-execute-assembly - Allow a Go process to dynamically load .NET assemblies
EddieIvan01/iox - Tool for port forwarding & intranet proxy
TheMMMdev/addSome - Simple Go script to check if found domains in a file are already saved in your Findomain database
fuzzitdev/fuzzit - CLI to integrate continuous fuzzing with Fuzzit (no longer available)
smallstep/autocert - ⚓ A kubernetes add-on that automatically injects TLS/HTTPS certificates into your containers
ameenmaali/whoareyou - whoareyou is a tool to find the underlying technology/software used in a list of websites passed through stdin (using Wappalyzer dataset)
ethicalhackingplayground/Zin - A Payload Injector for bugbounties written in go
hakluke/haktldextract - Extract domains/subdomains from URLs en masse
projectdiscovery/chaos-client - Go client to communicate with Chaos DB API.
projectdiscovery/naabu - A fast port scanner written in go with a focus on reliability and simplicity. Designed to be used in combination with other tools for attack surface discovery in bug bounties and pentests
dwisiswant0/cf-check - CloudFlare Checker written in Go
Sh1Yo/rate-limit-checker - Check whether the domain has a rate limit enabled.
asciimoo/wuzz - Interactive cli tool for HTTP inspection
zmap/zgrab2 - Fast Go Application Scanner
ndelphit/apkurlgrep - Extract endpoints from APK files
heroku/terrier - Terrier is a Image and Container analysis tool that can be used to scan Images and Containers to identify and verify the presence of specific files according to their hashes.
projectdiscovery/dnsprobe - DNSProb is a tool built on top of retryabledns that allows you to perform multiple dns queries of your choice with a list of user supplied resolvers.
zmap/zdns - Fast DNS Lookup Library and CLI Tool
jaeles-project/jaeles - The Swiss Army knife for automated Web Application Testing
hahwul/dalfox - ?? Dalfox is a powerful open-source XSS scanner and utility focused on automation.
shomali11/go-interview - Collection of Technical Interview Questions solved with Go
lc/gau - Fetch known URLs from AlienVault's Open Threat Exchange, the Wayback Machine, and Common Crawl.
jesseduffield/lazydocker - The lazier way to manage everything docker
parsiya/Hacking-with-Go - Golang for Security Professionals
projectdiscovery/shuffledns - MassDNS wrapper written in go to enumerate valid subdomains using active bruteforce as well as resolve subdomains with wildcard filtering and easy input-output support.
rhaidiz/broxy - An HTTP/HTTPS intercept proxy written in Go.
TheKingOfDuck/ReverseGoShell - A Golang Reverse Shell Tool With AES Dynamic Encryption
darkr4y/geacon - Practice Go programming and implement CobaltStrike's Beacon in Go
kozlice/slack-webm-sentinel - A bot that tracks .webm links and converts them to .mp4
Go-zh/tour - 【已弃用】新版移至 website 代码仓库
gophish/gophish - Open-Source Phishing Toolkit
sensepost/gowitness - ? gowitness - a golang, web screenshot utility using Chrome Headless
xfiftyone/STS2G - Struts2漏洞扫描利用工具 - Golang版. Struts2 Scanner Written in Golang
ph4ntonn/Stowaway - ?Stowaway -- Multi-hop Proxy Tool for pentesters
geph-official/geph2 - (ARCHIVED) Geph (迷霧通) is a modular Internet censorship circumvention system designed specifically to deal with national filtering.
tomnomnom/hacks - A collection of hacks and one-off scripts
tomnomnom/qsreplace - Accept URLs on stdin, replace all query string values with a user-supplied value
insidersec/insider - Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to im
bnkamalesh/verifier - A minimal, customizable Go package for Email & Mobile number verification
ahhh/nmap-to-netscan - A helper utility for turning nmap xml files into target lists for go-netscan
openkruise/kruise - Automated management of large-scale applications on Kubernetes (incubating project under CNCF)
guonaihong/gout - gout to become the Swiss Army Knife of the http client @^^@---> gout 是http client领域的瑞士军刀,小巧,强大,犀利。具体用法可看文档,如使用迷惑或者API用得不爽都可提issues
aquasecurity/tracee - Linux Runtime Security and Forensics using eBPF
cbeuw/Cloak - A censorship circumvention tool to evade detection by authoritarian state adversaries
gin-gonic/gin - Gin is a HTTP web framework written in Go (Golang).它具有類似馬提尼酒的API,其性能要好得多 - 高達40倍。如果您需要粉碎的性能,請給自己一些杜松子酒。
kataras/iris - The fastest HTTP/2 Go Web Framework. New, modern and easy to learn. Fast development with Code you control. Unbeatable cost-performance ratio
github/gh-ost - GitHub's Online Schema-migration Tool for MySQL
mehrdadrad/radvpn - Decentralized VPN
LyricTian/gin-admin - A lightweight, flexible, elegant and full-featured RBAC scaffolding based on GIN + GORM 2.0 + Casbin 2.0 + Wire DI.
xinliangnote/go-gin-api - 基于 Gin 进行模块化设计的 API 框架,封装了常用功能,使用简单,致力于进行快速的业务研发。比如,支持 cors 跨域、jwt 签名验证、zap 日志收集、panic 异常捕获、trace 链路追踪、prometheus 监控指标、swagger 文档生成、viper 配置文件解析、gorm 数据库组件、gormgen 代码生成工具、graphql 查询语言、errno 统一定义错误码、gR
eolinker/goku_lite - A Powerful HTTP API Gateway in pure golang!Goku API Gateway (中文名:悟空 API 网关)是一个基于 Golang开发的微服务网关,能够实现高性能 HTTP API 转发、服务编排、多租户管理、API 访问权限控制等目的,拥有强大的自定义插件系统可以自行扩展,并且提供友好的图形化配置界面,能够快速帮助企业进行 API 服务治理、提高 AP
yangwenmai/learning-golang - Go 学习之路:Go 开发者博客、Go 微信公众号、Go 学习资料(文档、书籍、视频)
defenxor/dsiem - Security event correlation engine for ELK stack
jesseduffield/lazygit - simple terminal UI for git commands
go-gitea/gitea - Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
sipt/shuttle - A web proxy in Golang with amazing features.
lixiangzhong/dnsutil - dns dig for golang
TruthHun/DocHub - 参考百度文库,使用Beego(Golang)开发的开源文库系统
TimothyYe/godns - A dynamic DNS client tool that supports AliDNS, Cloudflare, Google Domains, DNSPod, HE.net & DuckDNS & DreamHost, etc, written in Go.
cloverstd/tcping - ping over a tcp connection
google/subcommands - Go subcommand library.
fanpei91/torsniff - torsniff - a sniffer that sniffs torrents from BitTorrent network
anshumanbh/merge-nmap-masscan - Merge results from NMAP and Masscan into one CSV file
anoshop/BAT_Check_DomainName -
helloxz/zdir - A multifunctional private storage program that integrates file indexing, online preview, and sharing, supporting both WebDAV and cloud download.
jimeh/tmux-themepack - A pack of various Tmux themes.
xo/usql - Universal command-line interface for SQL databases
miniflux/v2 - Minimalist and opinionated feed reader
AmyangXYZ/DNSSniffer - DNSQuery Sniffer in Golang
OpenBazaar/go-onion-transport - Tor onion transport for IPFS
snail007/goproxy - Proxy is a high performance HTTP(S) proxies, SOCKS5 proxies,WEBSOCKET, TCP, UDP proxy server implemented by golang. Now, it supports chain-style proxies,nat forwarding in different lan,TCP/UDP port
shawn1m/overture - A customized DNS relay server
projectdiscovery/subfinder - Fast passive subdomain enumeration tool.
fardog/secureoperator - A DNS-protocol proxy for DNS-over-HTTPS providers, such as Google and Cloudflare
drish/ben - Your benchmark assistant, written in Go.
Nhoya/gOSINT - OSINT Swiss Army Knife
cw1997/NATBypass - 一款lcx.exe在golang下的实现, 可用于内网穿透, 建立TCP反弹隧道用以绕过防火墙入站限制等, This tool is used to establish reverse tunnel in NAT network environment, it can bypass firewall inbound restriction, support all functions of lcx
sa7mon/S3Scanner - Scan for misconfigured S3 buckets across S3-compatible APIs!
apex/gh-polls - Polls for user feedback in GitHub issues
x90skysn3k/brutespray - Bruteforcing from various scanner output - Automatically attempts default creds on found services.
rabbitstack/fibratus - Adversary tradecraft detection, protection, and hunting
crazy-max/WindowsSpyBlocker - Block spying and tracking on Windows
evilsocket/dnssearch - A subdomain enumeration tool.
zmap/zgrab - DEPRECATED This project has been replaced by https://github.com/zmap/zgrab2
evilsocket/brutemachine - A Go library which main purpose is giving an interface to loop over a dictionary and use those words/lines as input for some custom logic such as HTTP file bruteforcing, DNS bruteforcing, etc.
rqlite/rqlite - The lightweight, user-friendly, distributed relational database built on SQLite.
michenriksen/aquatone - A Tool for Domain Flyovers
anshumanbh/git-all-secrets - A tool to capture all the git secrets by leveraging multiple open source git searching tools
quay/clair - Vulnerability Static Analysis for Containers
InsZVA/tap0901 - Go语言虚拟网卡库,可用于制作对战平台、加速器、防火墙、VPN等
techjacker/repo-security-scanner - CLI tool that finds secrets accidentally committed to a git repo, eg passwords, private keys
FeatureBaseDB/featurebase - A crazy fast analytical database, built on bitmaps. Perfect for ML applications. Learn more at: http://docs.featurebase.com/. Start a Docker instance: https://hub.docker.com/r/featurebasedb/featurebas
kryptco/kr - DEPRECATED A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
c0nrad/go-mbf - MongoDB Login Brute Forcer
coreybutler/nvm-windows - A node.js version management utility for Windows. Ironically written in Go.
Shopify/toxiproxy - ⏰ A TCP proxy to simulate network and system conditions for chaos and resiliency testing
trufflesecurity/trufflehog - Find, verify, and analyze leaked credentials
fatedier/frp - A fast reverse proxy to help you expose a local server behind a NAT or firewall to the internet.
cilium/cilium - eBPF-based Networking, Security, and Observability
linuxkit/linuxkit - A toolkit for building secure, portable and lean operating systems for containers
weaveworks/scope - Monitoring, visualisation & management for Docker & Kubernetes
prasmussen/gdrive - Google Drive CLI Client
StackExchange/dnscontrol - Infrastructure as code for DNS!
sensepost/ruler - A tool to abuse Exchange services
0x4D31/honeybits - A PoC tool designed to enhance the effectiveness of your traps by spreading breadcrumbs & honeytokens across your systems to lure the attacker toward your honeypots
qiniu/qshell - Shell Tools for Qiniu Cloud
gonet2/geoip - query geo-locations of ips
lionsoul2014/ip2region - Ip2region (2.0 - xdb) is a offline IP address manager framework and locator, support billions of data segments, ten microsecond searching performance. xdb engine implementation for many programming la
michenriksen/gitrob - Reconnaissance tool for GitHub organizations
huichen/wukong - 高度可定制的全文搜索引擎
beego/beego - beego is an open-source, high-performance web framework for the Go programming language.
xtaci/kcptun - A Quantum-Safe Secure Tunnel based on QPP, KCP, FEC, and N:M multiplexing.
unknwon/the-way-to-go_ZH_CN - 《The Way to Go》中文译本,中文正式名《Go 入门指南》
urfave/negroni - Idiomatic HTTP Middleware for Golang
ankushs92/geolocation-useragent-parser-rest-api - A very fast geolocation and user-agent analysis REST API. Written in Groovy on top of Vert.x platform.
HCl
bridgecrewio/terragoat - TerraGoat is Bridgecrew's "Vulnerable by Design" Terraform repository. TerraGoat is a learning and training project that demonstrates how common configuration errors can find their way into production
HuskyHacks/PMAT-labs - Labs for Practical Malware Analysis & Triage
christophetd/Adaz - ? Deploy customizable Active Directory labs in Azure - automatically.
nozaq/terraform-aws-secure-baseline - Terraform module to set up your AWS account with the secure baseline configuration based on CIS Amazon Web Services Foundations and AWS Foundational Security Best Practices.
ralphte/devops_4_hackers - DevOps for Hackers with Hands-On Labs w/ Ralph May (4-Hour Workshop)
cfalta/activedirectory-lab - Terraform config to spin up a domain controller and some member servers in azure
satan1a/TheRoadOfSO - 学习安全运营的记录 | The knowledge base of security operation
lovechoudoufu/baselinecheck_cdf - Security check of system baseline.服务器基线检查工具。基于python3造的对linux、windows服务器做基线核查的轮子。
Th30neAnd0nly/AIRAVAT - A multifunctional Android RAT with GUI based Web Panel without port forwarding.
kagancapar/CVE-2022-29072 - 7-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
ultrasecurity/Storm-Breaker - Social engineering tool [Access Webcam & Microphone & Location Finder] With {Py,JS,PHP}
lijiejie/eyes.sh - Optimized DNS/HTTP Log Tool for pentesters, faster and easy to use.
jatinkalwar/fisher - New phishing tool with 30+ templates updated tool
JDArmy/RTASS - 红蓝对抗量化评估系统(Red Team Assessment Scoring System)
reconmap/pentest-reports-static - Collection of penetration test reports and pentest report templates. Published by the the best security companies in the world.
redteamwiki/redteamwiki -
etlownoise/xolo - Tool to crawl, visualize and interact with SQL server links in a d3 graph to help in your red/blue/purple/.../risk assessments pentest hacking team exercises.
Rvn0xsy/SMTP-NC - SMTP Netcat , test SMTP protocol
EdOverflow/bugbountyguide - Bug Bounty Guide is a launchpad for bug bounty programs and bug bounty hunters.
tombstoneghost/TIWAP - Totally Insecure Web Application Project (TIWAP)
mpast/mobileAudit - Django application that performs SAST and Malware Analysis for Android APKs
klezVirus/CVE-2021-40444 - CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
OWASP/Top10 - Official OWASP Top 10 Document Repository
lockedbyte/CVE-2021-40444 - CVE-2021-40444 PoC
ybdt/fish-hub - 社工钓鱼
HangZhouCat/ReaverAPKTools - 逆向APK工具
cckuailong/vulbase - 各大漏洞文库合集
techchipnet/CamPhish - Grab cam shots from target's phone front camera or PC webcam just sending a link.
Accruent/owasp-zap-historic - Store ZAP reports historically and compare current ZAP results against the most recent for changes in alerts.
OtherDevOpsGene/zap-sonar-plugin - Integrates OWASP Zed Attack Proxy reports into SonarQube
IQTLabs/AuraBorealisApp - Do You Know What's In Your Python Packages? A Tool for Visualizing Python Package Registry Security Audit Data
r00tk1ts/binary-security-tutorial - Resource assembly of 'Binary Security Tutorial' online course of mine. Video link:https://pan.baidu.com/s/1ltcHIehhLFVFMvru6tGQ8A Passwd:axje
OWASP/NodeGoat - The OWASP NodeGoat project provides an environment to learn how OWASP Top 10 security risks apply to web applications developed using Node.js and how to effectively address them.
tangxiaofeng7/SecExample - JAVA 漏洞靶场 (Vulnerability Environment For Java)
iknowjason/BlueCloud - Cyber Range including Velociraptor + HELK system with a Windows VM for security testing and R&D. Azure and AWS terraform support.
The-Login/DNS-Reset-Checker - Tools to assess the DNS security of web applications
rpetrich/deciduous - App that simplifies building decision trees to model adverse scenarios
M4tir/M-Scan - Optical Chain Scanner 光链安全扫描器
chainflag/ctfd-neon-theme -
ctf-wiki/ctf-challenges -
Cl0udG0d/pppXray - Xray批量化自动扫描
woj-ciech/Shomap - Create visualization from Shodan query
ripienaar/free-for-dev - A list of SaaS, PaaS and IaaS offerings that have free tiers of interest to devops and infradev
Puliczek/CVE-2021-21123-PoC-Google-Chrome - ? ? Google Chrome - File System Access API - vulnerabilities reported by Maciej Pulikowski | Total Bug Bounty Reward: $5.000 | CVE-2021-21123 and 5 more...
ustayready/CredSniper - CredSniper is a phishing framework written with the Python micro-framework Flask and Jinja2 templating which supports capturing 2FA tokens.
M-Kings/BypassAv-web - nim一键免杀
collabnix/kubetools - Kubetools - Curated List of Kubernetes Tools
jonasstrehle/supercookie -配x Browser fingerprinting via favicon!
alivx/CIS-Ubuntu-20.04-Ansible - Ansible Role to Automate CIS v1.1.0 Ubuntu Linux 18.04 LTS, 20.04 LTS Remediation
WADComs/WADComs.github.io - WADComs is an interactive cheat sheet, containing a curated list of offensive security tools and their respective commands, to be used against Windows/AD environments.
xsleaks/wiki - XS-Leaks Wiki
ethicalhackingplayground/SubNuke - Subdomain Takeover tool with web UI
qkqpttgf/OneManager-php - An index & manager of Onedrive based on serverless. Can be deployed to Heroku/Glitch/Vercel/Replit/SCF/FG/FC/CFC/PHP web hosting/VPS.
sense-of-security/ADRecon - ADRecon is a tool which gathers information about the Active Directory and generates a report which can provide a holistic picture of the current state of the target AD environment.
KnightSec-Official/Phlexish - Advanced Spear Phishing tool for Facebook with 2 factor authentication bypass! May contain minor bugs due to...idk
math1as/Windows-GDI-fuzzer - Windows Graphics Device Interface (GDI+) fuzzer
sayaanalam/CORS-EXPLOIT -
mixmark-io/turndown - ? An HTML to Markdown converter written in JavaScript
yogeshojha/rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous mon
dongfangyuxiao/BurpExtend - 基于Burp插件开发打造渗透测试自动化
FeeiCN/Security-PPT - Security-related Slide Presentation & Security Research Report(大安全各领域各公司各会议分享的PPT以及各类安全研究报告)
madhuakula/kubernetes-goat - Kubernetes Goat is a "Vulnerable by Design" cluster environment to learn and practice Kubernetes security using an interactive hands-on playground
momenbasel/keyFinder - Keyfinder? is a tool that let you find keys while surfing the web!
Arryboom/Language - Some dirty tricks to learn different programming language.
humblelad/Needle - Instant access to you bug bounty submission dashboard on various platforms + publicly disclosed reports + #bugbountytip
subspacecommunity/subspace - A fork of the simple WireGuard VPN server GUI community maintained
mubix/post-exploitation-wiki - Post Exploitation Wiki
nccgroup/autochrome - This tool downloads, installs, and configures a shiny new copy of Chromium.
knassar702/hacking-lab - Small Vulnerable Web App
Mr-xn/BurpSuite-collections - 有关burpsuite的插件(非商店),文章以及使用技巧的收集(此项目不再提供burpsuite破解文件,如需要请在博客mrxn.net下载)---Collection of burpsuite plugins (non-stores), articles and tips for using Burpsuite, no crack version file
hackxc/xss_flash - Xss之Flash钓鱼
proabiral/inception - A highly configurable Framework for easy automated web scanning
vavkamil/bugbountytip.com - Flask powered website to display tweets with a hashtag #bugbountytip
bb1nfosec/Information-Security-Tasks - This repository is created only for infosec professionals whom work day to day basis to equip ourself with uptodate skillset, We can daily contribute daily one hour for day to day tasks and work on pr
si9int/Subra - A Web-UI for subdomain enumeration (subfinder)
clong/DetectionLab - Automate the creation of a lab environment complete with security tooling and logging best practices
drduh/YubiKey-Guide - Guide to using YubiKey for GnuPG and SSH
nu11secur1ty/Windows10Exploits - Microsoft » Windows 10 : Security Vulnerabilities
myvyang/chromium_for_spider - dynamic crawler for web vulnerability scanner
Coq-zh/SF-zh - 《软件基础》中译版 Software Foundations Chinese Translation
forecho/hugo-theme-echo - A super concise theme for Hugo
nshalabi/ATTACK-Tools - Utilities for MITRE™ ATT&CK
HiddenStrawberry/Crawler_Illegal_Cases_In_China - Collection of China illegal cases about web crawler 本项目用来整理所有中国大陆爬虫开发者涉诉与违规相关的新闻、资料与法律法规。致力于帮助在中国大陆工作的爬虫行业从业者了解我国相关法律,避免触碰数据合规红线。 [AD]中文知识图谱门户
shubhamshubhankar/DumpTheGit - DumpTheGit searches through public repositories to find sensitive information uploaded to the Github repositories.
xfirefly/Airplay-SDK - The Best Airplay SDK supports Airplay Mirroring and AirPlay Casting to a receiver device.
maaaaz/androwarn - Yet another static code analyzer for malicious Android applications
cch123/golang-notes - Go source code analysis(zh-cn)
xazlsec/APT_Sample-Weapoon - Pull some collected APT group related samples, ransomware, remote control and other malicious programs for security researchers to use.
rigtorp/awesome-modern-cpp - A collection of resources on modern C++
yzhu798/CodingInterviewsNotes - 涵盖C++ Primer 5th、 effective C++ 、 STL api和demos C++ 基础知识与理论、 智能指针、C++11、 Git教程 Linux命令 Unix操作系统(进程、线程、内存管理、信号)计算机网络、 数据结构(排序、查找)、数据库、、C++对象模型、 设计模式、算法(《剑指offer》、leetcode、lintcode、hihocoder、《王道程序员求职宝典》
Ebryx/Nessus_Map - Parse .nessus file(s) and shows output in interactive UI
Igglybuff/awesome-piracy - A curated list of awesome warez and piracy links
TgeaUs/Weak-password - 字典大全 dictionary
nsacyber/Windows-Secure-Host-Baseline - Configuration guidance for implementing the Windows 10 and Windows Server 2016 DoD Secure Host Baseline settings. #nsacyber
fate0/proxylist - proxylist, generate by fate0/getproxy project in every 15 minute
salesforce/vulnreport - Open-source pentesting management and automation platform by Salesforce Product Security
HACK-BLOSSOM/DIY-Cybersecurity-For-Domestic-Violence - Abuse adapts to technology. You deserve privacy and compassion.
twngo/privacytools-zh - privacytool.io -Traditional Chinese version
privacytools/privacytools.io - ?? You are being watched. Protect your privacy against global mass surveillance.
l3m0n/wooyun-wiki - wiki.wooyun.org的部分快照网页
odin1314/skills - Linux、WAF、正则、web安全等一些知识点的总结
rdkmaster/jigsaw - Jigsaw七巧板 provides a set of web components based on Angular5/8/9+. The main purpose of Jigsaw is to help the application developers to construct complex & intensive interacting & user friendly web pag
burpsuite/Manual -
sukeesh/Music-Downloader - Download any music from web
chrisallenlane/drek - A static-code-analysis tool for performing security-focused code reviews. It enables an auditor to swiftly map the attack-surface of a large application, with an emphasis on identifying development an
ihebski/angryFuzzer - Tools for information gathering
bitcoinbook/bitcoinbook - Mastering Bitcoin 3rd Edition - Programming the Open Blockchain
wisec/domxsswiki - Automatically exported from code.google.com/p/domxsswiki
byoungd/English-level-up-tips - An advanced guide to learn English which might benefit you a lot ? 。 離譜的英語學習指南/英語學習教程。
SecWiki/ipot - Honeypot Research Blog 蜜罐技术研究小组
keithjjones/visualize_logs - A Python library and command line tools to provide interactive log visualization.
ITI/ICS-Security-Tools - Tools, tips, tricks, and more for exploring ICS Security.
bitdust/WamaCry - a fake WannaCry
juliocesarfort/public-pentesting-reports - A list of public penetration test reports published by several consulting firms and academic security groups.
cure53/HTTPLeaks - HTTPLeaks - All possible ways, a website can leak HTTP requests
SamJoan/droopescan - A plugin-based scanner that aids security researchers in identifying issues with several CMSs, mainly Drupal & Silverstripe.
justid/InlineAMP - InlineAMP is an AMP ready WordPress theme.
哈斯克爾
dapphub/dapptools - Dapp, Seth, Hevm, and more
jekor/gressgraph - visualize your iptables firewall
github/semantic - Parsing, analyzing, and comparing source code across many languages
digitallyinduced/ihp - The fastest way to build type safe web apps. IHP is a new batteries-included web framework optimized for longterm productivity and programmer happiness
iostreamer-X/FuncShell - Improve your shell by making it functional through Haskell! (An update to Awkward)
huangzworks/real-world-haskell-cn - 《Real World Haskell》中文翻译项目
yutianqaq/BypassAV-Online - An online AV evasion platform written in Springboot (Golang, Nim, C) supports inline, local and remote loading of Shellocde methods.
1101439360/License - 软件产品License控制简单实现
RKQF-JVS/jvs-teamwork - 任务管理是企业内部事务协同的重要工具【参考teamwork、worktile、trello等多种产品对项目的管理理念】。包含项目管理(任务看板)、个人待办(to do list)、目标管理(OKR)三大核心功能。通过项目-任务的管理方式,在公开透明的任务看板,随时掌握项目进展,多级任务分配到人,知道「谁」在「何时」「做什么」。
Yong-An-Dang/nuclei-plus - Functional enhancement based on nuclei
sleeyax/burp-awesome-tls - Burp extension to evade TLS fingerprinting. Bypass WAF, spoof any browser.
pacemrc/VulDebug - Java漏洞调试分析集合
bcvgh/daydayEXP - 支持自定义Poc文件的图形化漏洞利用工具
Whoopsunix/JavaRce - Common Exploitation Techniques for Java RCE Vulnerabilities in Real-World Scenarios | 实战场景较通用的 Java Rce 相关漏洞的利用方式
codewatchorg/Burp-UserAgent - Automatically modify the User-Agent header in all Burp requests
0x727/BypassPro - 对权限绕过自动化bypass的burpsuite插件
aress31/burpgpt - A Burp Suite extension that integrates OpenAI's GPT to perform an additional passive scan for discovering highly bespoke vulnerabilities and enables running traffic-based analysis of any type.
Roboterh/JNDI-injector -
d3mondev/burp-vps-proxy - This Burp Suite extension allows for the automatic creation and deletion of an upstream SOCKS5 proxy on popular cloud services.
dqzg12300/MikRom - ROM逆向工具
qi4L/JYso - It can be either a JNDIExploit or a ysoserial.
LaurieWired/JADXecute - JADX-gui scripting plugin for dynamic decompiler manipulation
cckuailong/JNDI-Injection-Exploit-Plus - 80+ Gadgets(30 More than ysoserial). JNDI-Injection-Exploit-Plus is a tool for generating workable JNDI links and provide background services by starting RMI server,LDAP server and HTTP server.
pnpninja/nsetools - A Java Implementation of nse-tools package in Python
wh1t3p1g/tabby-path-finder - A neo4j procedure for tabby
ca3tie1/CrackSleeve - 破解CS4.0
KeenSecurityLab/BinAbsInspector - BinAbsInspector: Vulnerability Scanner for Binaries
doocs/jvm - ? JVM 底层原理最全知识总结
alibaba/DataX - DataX是阿里云DataWorks数据集成的开源版本。
ChrisM09/KNX-Bus-Dump - A tool to listen on a KNX bus via TPUART and the Calimero Project suite and to dump the data from the packets into a Wireshark-Compatible file hex dump.
billyJoePiano/TenaPull - TenaPull is a configurable Java application which fetches and processes the data from one or more Nessus APIs, and converts it into JSON ouputs that are usable by Splunk
projectdiscovery/nuclei-burp-plugin - Nuclei plugin for BurpSuite
tangxiaofeng7/Spring-Cloud-Function-Spel - Spring Cloud Function Spel命令执行漏洞
xxDark/JavaShellcodeInjector - Java utility that allows to inject shell code and execute it
czz1233/GBByPass - 冰蝎 哥斯拉 WebShell bypass
Endava/cats - CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing
nsacyber/GRASSMARLIN - Provides situational awareness of Industrial Control Systems (ICS) and Supervisory Control and Data Acquisition (SCADA) networks in support of network security assessments. #nsacyber
BeichenDream/InjectJDBC - 注入JVM进程 动态获取目标进程连接的数据库
Y4tacker/JavaSec - a rep for documenting my study, may be from 0 to 0.1
ultimate-pa/ultimate - The Ultimate program analysis framework.
opengoofy/hippo4j - ? 异步线程池框架,支持线程池动态变更&监控&报警,无需修改代码轻松引入。Asynchronous thread pool framework, support Thread Pool Dynamic Change & monitoring & Alarm, no need to modify the code easily introduced.
six2dez/wahh_extras - The Web Application Hacker's Handbook - Extra Content
whwlsfb/Log4j2Scan - Log4j2 RCE Passive Scanner plugin for BurpSuite
Ovi3/010Editor-Template - 010Editor Templates
Firebasky/Java - 关于学习java安全的一些知识,正在学习中ing,欢迎fork and star
f0ng/log4j2burpscanner - CVE-2021-44228 Log4j2 BurpSuite Scanner,Customize ceye.io api or other apis,including internal networks
cryptomator/cryptomator - Multi-platform transparent client-side encryption of your files in the cloud
r00tSe7en/JNDIMonitor - 一个LDAP请求监听器,摆脱dnslog平台
twseptian/spring-boot-log4j-cve-2021-44228-docker-lab - Spring Boot Log4j - CVE-2021-44228 Docker Lab
Contrast-Security-OSS/safelog4j - Safelog4j is an instrumentation-based security tool to help teams discover, verify, and solve log4shell vulnerabilities without scanning or upgrading
theque5t/Detect4j - Runnable jar that detects if a specific class(es) is in use within existing JVMs
lz2y/yaml-payload-for-ruoyi - A memory shell for ruoyi
madCdan/JndiLookup - Some tools to help mitigating Apache Log4j 2 CVE-2021-44228
christophetd/log4shell-vulnerable-app - Spring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
back2root/log4shell-rex - PCRE RegEx matching Log4Shell CVE-2021-44228 IOC in your logs
Cybereason/Logout4Shell - Use Log4Shell vulnerability to vaccinate a victim server against Log4Shell
nccgroup/log4j-jndi-be-gone - A Byte Buddy Java agent-based fix for CVE-2021-44228, the log4j 2.x "JNDI LDAP" vulnerability.
javaweb-sec/javaweb-sec -
woodpecker-appstore/log4j-payload-generator - Log4j jndi injects the Payload generator
CodeShield-Security/Log4JShell-Bytecode-Detector - Local Bytecode Scanner for the Log4JShell Vulnerability (CVE-2021-44228)
javasec/log4j-patch - log4j-patch 修改字节码实现补丁防御
qingtengyun/cve-2021-44228-qingteng-online-patch - Hot-patch CVE-2021-44228 by exploiting the vulnerability itself.
artsploit/yaml-payload - A tiny project for generating SnakeYAML deserialization payloads
ba0gu0/520apkhook - 将安卓远控Apk附加进普通的App中,运行新生成的App时,普通App正常运行,远控正常上线。Attach the Android remote control APK to a regular app. When the newly generated app is launched, the regular app operates as normal while the remote con
Static-Flow/RepeaterSearch - This extension adds a search bar to the Repeater tab that can be used to highlight all repeater tabs where the request and/or response matches a query via simple text matching or Regex.
StringCare/AndroidLibrary - Android library to reveal or obfuscate strings and assets at runtime
SasanLabs/owasp-zap-fileupload-addon - OWASP ZAP add-on for finding vulnerabilities in File Upload functionality.
jenkinsci/contrast-continuous-application-security-plugin - Jenkins Plugin from Contrast Security
gdgd009xcd/AutoMacroBuilderForZAP - A ZAPROXY Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as sh
jenkinsci/fortify-plugin - Fortify Jenkins plugin
openraven/magpie - A Cloud Security Posture Manager or CSPM with a focus on security analysis for the modern cloud stack and a focus on the emerging threat landscape such as cloud ransomware and supply chain attacks.
pt-tools/rmi_bypass_jep290 -
trung/InMemoryJavaCompiler - Utility class to compile java source code in memory
sepinf-inc/IPED - IPED Digital Forensic Tool. It is an open source software that can be used to process and analyze digital evidence, often seized at crime scenes by law enforcement or in a corporate investigation by p
cmu-sei/kaiju - CERT Kaiju is a binary analysis framework extension for the Ghidra software reverse engineering suite. This repository is a "mirror" -- please file tickets, bug reports, or pull requests at the upstre
Dor-Tumarkin/CVE-2021-25641-Proof-of-Concept - Apache/Alibaba Dubbo <= 2.7.3 PoC Code for CVE-2021-25641 RCE via Deserialization of Untrusted Data; Affects Versions <= 2.7.6 With Different Gadgets
JunGe-Y/JustTrustMePP -
su18/MemoryShell - JavaWeb MemoryShell Inject/Scan/Killer/Protect Research & Exploring
Hakky54/mutual-tls-ssl - ? Tutorial of setting up Security for your API with one way authentication with TLS/SSL and mutual authentication for a java based web server and a client with both Spring Boot. Different clients are
xxux11/http-methods-discloser -
durkworf/BCELconvert - bcel转码
synacktiv/HopLa - HopLa Burp Suite Extender plugin - Adds autocompletion support and useful payloads in Burp Suite
wh1t3p1g/tabby - A CAT called tabby ( Code Analysis Tool )
Ramos-dev/graph4code - 超硬核!使用图数据技术发现软件漏洞
java-deobfuscator/deobfuscator-gui - An awesome GUI for an awesome deobfuscator
raise-isayan/FakeCert - Burp suite Certificate modification tool
bailsong/BurpDecoder - This is a Burpsuite Extension that will be able to Auto-Decode intercepted request message by PROXY TOOL before the message was shown in PROXY Panel ,and Auto-Encode request message after it forwarde
Ebryx/SRePlay - Burpsuite Plugin to bypass strict RePlay protection
LSPosed/AndroidHiddenApiBypass - LSPass: Bypass restrictions on non-SDK interfaces
ThexXTURBOXx/bytecode-viewer - A Java 8+ Jar & Android APK Reverse Engineering Suite (Decompiler, Editor, Debugger & More)
Y4er/yaml-payload - Spring Cloud SnakeYAML 反序列化一键注入cmdshell和reGeorg
LandGrey/spring-boot-upload-file-lead-to-rce-tricks - spring boot Fat Jar 任意写文件漏洞到稳定 RCE 利用技巧
bwcxljsm/Fofa-collect - Fofa采集工具
safeYYY/easyHook - 直接指定hook目标,无需重新编写hook代码
HXSecurity/DongTai-agent-java - Java Agent is a Java application probe of DongTai IAST, which collects method invocation data during runtime of Java application by dynamic hooks.
0Chencc/DaE - CTFCrackTools 's BurpSuite Plugin - Decode and Encode
ffffffff0x/BerylEnigma - ffffffff0x team toolset for penetration testing, cryptography research, CTF and daily use. | ffffffff0x 團隊工具集,用來進行滲透測試,密碼學研究,CTF和日常使用。
Josue87/BurpMetaFinder - Burp Suite extension for extracting metadata from files
gdgd009xcd/AutoMacroBuilder - A BurpSuite Add-on that allows testing of web application vulnerabilities by recording complex multi-step sequences. You can test applications that need to access pages in a specific order, such as s
jcasbin/shiro-casbin - Apache Shiro's authorization middleware based on Casbin
TheKingOfDuck/Loki - 一个轻量级Web蜜罐 - A Little Web Honeypot.??????
SecureSkyTechnology/burpextender-proxyhistory-webui - Burp Extender : Proxy History viewer in Web UI
nscuro/bradamsa-ng - Burp Suite extension for Radamsa-powered fuzzing with Intruder
hvqzao/burp-wildcard - Burp extension intended to compact Burp extension tabs by hijacking them to own tab.
BitTheByte/BitTraversal - Burpsuite Plugin to detect Directory Traversal vulnerabilities
raise-isayan/ViewStateDecoder - Burpsuite extension. Supports ASP.NET ViewStateDecoder
simioni87/auth_analyzer - Burp Extension for testing authorization issues. Automated request repeating and parameter value extraction on the fly.
wagiro/BurpBounty - Burp Bounty (Scan Check Builder in BApp Store) is a extension of Burp Suite that allows you, in a quick and simple way, to improve the active and passive scanner by means of personalized rules through
pimps/ysoserial-modified - That repository contains my updates to the well know java deserialization exploitation tool ysoserial.
jas502n/CVE-2020-26259 - CVE-2020-26259: XStream is vulnerable to an Arbitrary File Deletion on the local host when unmarshalling as long as the executing process has sufficient rights.
lwierzbicki/RegexFinder - RegexFinder - Burp Suite extension to passively scan responses for occurrence of regular expression patterns.
aress31/openapi-parser - Parse OpenAPI documents into Burp Suite for automating OpenAPI-based APIs security assessments (approved by PortSwigger for inclusion in their official BApp Store).
augustd/burp-suite-utils - Utilities for creating Burp Suite Extensions.
pimps/JNDI-Exploit-Kit - JNDI-Exploitation-Kit(A modified version of the great JNDI-Injection-Exploit created by @welk1n. This tool can be used to start an HTTP Server, RMI Server and LDAP Server to exploit java web apps vuln
dschadow/JavaSecurity - Java web and command line applications demonstrating various security topics
w296488320/XposedAppium - 基于Xposed自动化框架
w296488320/XposedOkHttpCat -
WindySha/Xpatch - This is a tool to repackage apk file, then the apk can load any xposed modules installed in the device. It is another way to hook an app without root device.
framgia/android-emulator-detector - Easy to detect android emulator
gdelmas/IntelliJDashPlugin - A smart and simple plugin that provides keyboard shortcut access for Dash, Velocity or Zeal in IntelliJ IDEA, RubyMine, WebStorm, PhpStorm, PyCharm and Android Studio.
rewanthtammana/Damn-Vulnerable-Bank - Damn Vulnerable Bank is designed to be an intentionally vulnerable android application. This provides an interface to assess your android application security hacking skills.
jeremylong/DependencyCheck - OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Freakboy/jgraphx - jgraphx 4.0.4 build for cs project
xiaoxiaoleo/Burp-Auto-Do-Intercept - Burp Suite Extender can auto intercept response for specify URL.
EXALAB/AnLinux-App - AnLinux allow you to run Linux on Android without root access.
doyensec/burpdeveltraining - Material for the training "Developing Burp Suite Extensions – From Manual Testing to Security Automation"
luoyesiqiu/DexRepair - Android dex文件修复程序
bit4woo/burp-api-drops - burp插件开发指南
rohanpadhye/JQF - JQF + Zest: Coverage-guided semantic fuzzing for Java.
hakistan/Lokiboard-Mod - Just Mod Version of lokiboard with remote reporting via Gmail
moloch--/burp-multiplayer - Burp with Friends
c0ny1/java-memshell-scanner - 通过jsp脚本扫描java web Filter/Servlet型内存马
DependencyTrack/dependency-track - Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.
motikan2010/CVE-2020-5398 - CVE-2020-5398 - RFD(Reflected File Download) Attack for Spring MVC
snyk/snyk-maven-plugin - Test and monitor your projects for vulnerabilities with Maven. This plugin is officially maintained by Snyk.
thatcherclough/BetterBackdoor - A backdoor with a multitude of features.
ThisIsLibra/AndroidProjectCreator - Convert an APK to an Android Studio Project using multiple open-source decompilers
pwntester/StaticInitializerPayload -
shuzijun/leetcode-editor - Do Leetcode exercises in IDE, support leetcode.com and leetcode-cn.com, to meet the basic needs of doing exercises.Support theoretically: IntelliJ IDEA PhpStorm WebStorm PyCharm RubyMine AppCode CLion
stevespringett/threatmodel-sdk - A Java library for parsing and programmatically using threat models
canyie/pine - Dynamic java method hook framework on ART. Allowing you to change almost all java methods' behavior dynamically.
google/tsunami-security-scanner - Tsunami is a general purpose network security scanner with an extensible plugin system for detecting high severity vulnerabilities with high confidence.
SycloverSecurity/SCTF2020 - SCTF2020
keycloak/keycloak - Open Source Identity and Access Management For Modern Applications and Services
mogwailabs/rmi-deserialization - Slides/Demos from the BSides Munich 2019 talk "Attacking Java RMI in 2019"
dineshshetty/FridaLoader - A quick and dirty app to download and launch Frida on Genymotion and rooted Physical Android Devices
jpiechowka/burp-security-headers-checker - Super simple Burp Suite extension adding passive scanner checks for missing security headers in server responses
salesforce/VulnreportForBurp - Burp Suite extension to enable reporting findings directly to VulnReport
celsogbezerra/Copy-as-JavaScript-Request - Copy as JavaScript Request plugin for Burp Suite
bit4woo/burp-api-common - common methods that used by my burp extension projects
ldionmarcil/burp-samesite-reporter - Burp extension that passively reports various SameSite flags
augustd/burp-suite-swaggy - Burp Suite extension for parsing Swagger web service definition files
raise-isayan/BigIPDiscover - It becomes the extension of Burp suite. The cookie set by the BipIP server may include a private IP, which is an extension to detect that IP
madneal/r-forwarder-burp - The burp extension to forward the request
wrvenkat/burp-multistep-csrf-poc - Burp extension to generate multi-step CSRF POC.
augustd/burp-suite-jsonpath - JSONPath extension for BurpSuite
righettod/log-requests-to-sqlite - BURP extension to record every HTTP request send via BURP and create an audit trail log of an assessment.
usdAG/cstc - CSTC is a Burp Suite extension that allows request/response modification using a GUI analogous to CyberChef
humblelad/TeaBreak - A productivity burp extension which reminds to take break while you are at work!
cxxsheng/profiler - A tool to trace java method dynamically for android application.
veracode-research/rogue-jndi - A malicious LDAP server for JNDI injection attacks
whwlsfb/BurpCrypto - BurpCrypto is a collection of burpsuite encryption plug-ins, support AES/RSA/DES/ExecJs(execute JS encryption code in burpsuite). 支持多种加密算法或直接执行JS代码的用于爆破前端加密的BurpSuite插件
BishopFox/rmiscout - RMIScout uses wordlist and bruteforce strategies to enumerate Java RMI functions and exploit RMI parameter unmarshalling vulnerabilities
anatolikalysch/roots_a11y - PoC files for the publication 'How Android's UI Security is Undermined by Accessibility'.
threedr3am/JSP-WebShells - Collect JSP webshell of various implementation methods. 收集JSP Webshell的各种姿势
langgithub/JustTrustMePlus -
LandGrey/SpringBootVulExploit - SpringBoot 相关漏洞学习资料,利用方法和技巧合集,黑盒安全评估 check list
rsrdesarrollo/generator-burp-extension - Everything you need about Burp Extension Generation
mr-m0nst3r/Burpy - A plugin that allows you execute python and get return to BurpSuite.
c0ny1/java-object-searcher - java内存对象搜索辅助工具
SonarSource/sonarqube - Continuous Inspection
find-sec-bugs/find-sec-bugs - The SpotBugs plugin for security audits of Java web applications and Android applications. (Also work with Kotlin, Groovy and Scala projects)
